Cybersecurity Operation Analyst

About the job Cybersecurity Operation Analyst

Location: Fredericton, Canada

In fast-changing markets, customers worldwide rely on Thales. Thales is a business where brilliant people from all over the world come together to share ideas and inspire each other. In aerospace, transportation, defence, security and space, our architects design innovative solutions that make our tomorrows possible.

Fredericton, New Brunswick, Canada (Onsite)

Position Summary

Thales requires a Cyber Security Analyst to be responsible for the detection and prevention of cyber security incidents through real-time monitoring and analysis of potential intrusions. This includes using troubleshooting tools to analyze and respond to cyber threats, writing scripts to aid in quick analysis and response, and responding to security events. The position operates and tunes security tools, provides requirements for new security capabilities, and creates use cases for monitoring.

The Cyber Security Operations Centre (CSOC) team will rely on your contribution to perform in-depth analysis of evidence, identify malicious operations, and evaluate the real impact so that incidents are resolved quickly and efficiently. This is a key role when it comes to on-boarding new customers, maintenance and enhancement of the CSOC's infrastructure, and the continuous refinement of our operational processes and capabilities.

Key Areas of Responsibility

As the analyst you must have knowledge, skills, and work experience in a CSOC, IT infrastructure (on-prem/cloud) and network security. Proficiency in utilizing and overseeing SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), log and network analysis, as well as network security components (Firewall, WAF, IDS/IPS), is essential for success in this role. The analyst collaborates closely with global SOC teams. This role includes actively participating in shift handovers to facilitate the seamless exchange of critical information, incident details, and ongoing investigations.

Threat Analysis:

  • Monitor, analyze, and report possible cyber attacks, intrusions, anomalous activity, and misuse.
  • Leverage a variety of cyber security tools (SIEM, EDR, and sandbox) for analysis to identify malicious activity.
  • Analyze identified malicious activity to determine Tactics, Techniques, and Procedures (TTPs), and gather indicators of compromise (IOCs) and any other relevant information.
  • Assess cyber risks and recommend pragmatic mitigation strategies.
  • Participate in threat-hunting activities, looking for anomalies. Ingest, analyze, and contextualize data and turn that into intelligence for threat assessment and risk management.

Detection engineering support:

  • Create queries/rules for specific threat searches, reports, and alerts on SIEM based on the incident, latest threat intelligence and cyber security trends.
  • Participate in the refinement and optimization of correlation rules and security use cases. Support testing and validation of existing detection rules against a variety of attack scenarios to ensure their effectiveness.
  • Provide feedback and contribute to improving SOC operations and alert classification to minimize false positives.

Incident Response support:

  • Support the investigation and provide pragmatic advice to remediate security incidents.
  • Follow incident response process, document, and escalate security incidents. Stay up to date with security incidents until closure.
  • Conduct research, analysis and correlate gathered data from various sources to gain situational awareness and determine the impact of the incident.
  • Assist in secure collection of artifacts, analyze for malicious behavior, and carry out analysis to determine the root cause of events.

Vulnerability Management:

  • Stay up to date with the latest Common Vulnerabilities and Exposures (CVE).
  • Advise on and track vulnerabilities and remediation efforts.

Operations

  • Provide daily summary reports of Cybersecurity incidents, operation statistics of monitoring tools, and latest Cybersecurity related news.
  • Perform trend analysis and develop metrics and reports on intelligence and incidents for management.
  • Contribute to the creation and update of security operations and incident response best practices and processes.
  • Support customer onboarding projects to ensure a successful transition to the CSOC for security monitoring services.
  • Willingness to work flexible shifts between 8:00 AM and 8:00 PM.

Minimum Qualifications

Work Experience:

  • Minimum of 3 years of relevant experience in System or Network Architecture and Administration, or as a Security Analyst, in a Security Operations Center (SOC), or as an Incident Responder in a Computer Emergency Response Team (CERT).
  • Proven experience working in a SOC environment, handling security incidents, and utilizing security tools. Attended shift hand-overs and worked on a flexible shift schedule.
  • Experience in building SOC processes, playbooks, correlation rules, and incident reports.

Technical Proficiency:

  • Strong fundamentals in IT networking, servers, and security principles, and strong troubleshooting skills.
  • Knowledge of the NIST Cybersecurity Framework (CSF), MITRE ATT&CK, and the Cyber Kill Chain.
  • Proficient in various SIEM, EDR, and log collection technologies and solutions.
  • Proficient in alert triage, malware analysis, sandboxing, basic decoding, and scripting.
  • Familiarity with various cybersecurity tools, operating systems, and technologies.

Analytical / Hacker mindset:

  • Curiosity and attention to detail are essential.
  • Ability to analyze complex security events and draw meaningful conclusions.
  • Persistence and creative thinking.
  • Maintain accurate and detailed records of security incidents, investigations, and actions taken.
  • Utilize various data sources and analytical insights to construct threat scenarios and perform threat modeling.

Certifications (requirement):

  • Currently holding one or more Cybersecurity industry recognized certifications (ISACA, ISC2, GIAC SANS, CompTIA, Offensive Security, and others)
  • Must hold or complete the training and attain the following certifications:
    • Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA), xSOAR
    • Splunk (Core Certified Power User)
    • Microsoft Azure Sentinel (SC-200)
    • IBM Qradar and other SIEM certification is a plus.

If you're excited about working with Thales but do not meet the requirements for this position, we encourage you to join our Talent Community!

Special Position Requirements

Schedule: 40 hrs. per week; the schedule can rotate between teams. Service coverage is between 8 AM and 8 PM AST.

  • Shift 1: 8:00 to 16:00
  • Shift 2: 10:00 to 18:00
  • Shift 3: 12:00 to 20:00

Physical Environment: Onsite, Cybersecurity Operation Center, Cyber Range, Cyber Labs

What We offer

Thales provides an extensive benefits program for all full-time employees working 24 or more hours per week and their eligible dependents, including the following:

Company paid Extended Health, Dental, HSA, Life, AD&D, Short-term Disability, Cancer Care Program, travel insurance, Employee Assistance Plan and Well-Being program.

Retirement Savings Plans (RRSP, DCPP, TFSA) with a company contribution and a match to a DCPP, with no vesting period.

Company paid holidays, vacation days, and paid sick leave.

Voluntary Life, AD&D, Critical Illness, Long-Term Disability.

Employee Discounts on home, auto, and gym membership.

Why Join Us?

Say HI and learn more about working at Thales.


Thales is an equal opportunity employer which values diversity and inclusivity in the workplace. Thales is committed to providing accommodations in all parts of the interview process. Applicants selected for an interview who require accommodation are asked to advise accordingly upon the invitation for an interview. We will work with you to meet your needs. All accommodation information provided will be treated as confidential and used only for the purpose of providing an accessible candidate experience.

This position requires direct or indirect access to hardware, software or technical information controlled under the Canadian Export Control List, the Canadian Controlled Goods Program, the Canadian Industrial Security Program, the US International Traffic in Arms Regulations (ITAR) and/or the US Export Administration Regulations (EAR). All applicants must be eligible or able to obtain authorization for such access including eligibility to the Canadian Controlled Goods Program and able to obtain a Canadian NATO Secret clearance.