Cyber Security Operations Center Analyst

Cyber Security Operations Center Analyst (L2) Location Mississauga, ON : Responsibilities:

About the role

Finastra's Cyber Security Operations team is at the front line of detecting, monitoring for and responding to cybersecurity incidents within the global infrastructure. The Security Operations Center Analyst will have a crucial role in defending the enterprise network from potential and active threats. You will be agile, willing to learn and able to think outside of the box in order to operate effectively in a dynamic threat landscape. You will have the opportunity to work with cutting edge tools to monitor and defend the enterprise and customers from a wide array of cyber threats.

Responsibilities & Deliverables:

As a Security Operations Center Analyst, your deliverables will include, but not limited to, the following:

• Providing first level response for security events including but not limited to intrusion detection, malware infections, denial of service attacks, privileged account misuse and network intrusions.

• Following defined workflow and processes for threat remediation and escalation/handoff where required.

• Utilizing a variety of cloud-based and on-premises security tools and techniques to proactively analyze suspicious events, network anomalies and other potential threats to determine validity, impact, scope and recovery options.

• Using automated malware analysis tools to determine threat impact and taking actions appropriately.

• Support and administration of security tools and platforms in diverse, cloud-based and on-premises environments.

• Configuring and monitoring Security Information and Event Management (SIEM) platform for security alerts. Integrate and work with the firm's Managed Security Services Provider (MSSP) services

• Improving the service level for security operations and monitoring. Creating and maintaining system documentation for security event processing. Expanding the usage of security monitoring tools to improve the security of the environment based on business use cases or changes in threat landscape, root causes from security incident response, or output from security analytics

Required Skills & Experience:

• Four or more years of relevant work experience.

• Experience in an Operations Center (SOC/NOC) / monitoring environment.

• Experience working with SIEM technologies (e.g., ArcSight, QRadar, Splunk, Azure Sentinel, etc.) or Managed Security Service Providers (MSSP).

• Experience with threat monitoring procedures.

• Demonstrable knowledge of threats, attacks, logs, operating systems and security technology (firewalls, anti-malware, proxies, etc.)

• Cybersecurity experience in the financial industry.

• Knowledge and understanding of cyber risks and security issues in cloud-based and on-premises environments

• Knowledge of cyber security techniques, platforms and technologies (Enterprise Antivirus, IDS, deep packet inspection and host/network threat analysis).

• Knowledge of networking (including the OSI Model, TCP/IP, DNS, SMTP), system administration and/or security architecture.

• Knowledge of common enterprise Operating Systems (Windows 10, Windows Server, Linux, etc.)

• Knowledge of the fundamentals of mobile platforms: iOS, Android.

• Excellent verbal and written communication skills.

• Strong troubleshooting skills.

• Ability to work well both independently and in a highly collaborative environment.

• Ability to manage multiple priorities in a high pressure environment.

• Effective organizational skills.

Education/Certifications:

• Bachelor's degree from an accredited college or university, or equivalent experience. A degree in Computer Science, Computer/Data Systems Management or a related field or discipline is preferred but not required.

• Certification in one or more of the following areas is desired but not required: GIAC Security Essentials Certification (GSEC), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Enterprise Defender (GCED), GIAC Certified Windows Security Administrator (GCWN), GIAC Certified UNIX Security Administrator (GCUX), GIAC Continuous Monitoring Certification (GMON), GIAC Certified Perimeter Protection Analyst (GPPA), GIAC Certified Detection Analyst (GCDA), Certified Information Security Professional (CISSP)