Span of control Analyst M/F - VIE Montreal

Summary of the key purposes of the role  

Automate:

• The SOC currently manually produce a lot of documentations, dashboards, etc. We are looking for a creative person to help us automate some of those tasks, so we can spend more time doing Incident Response and less on reporting.
• The SOC does a lot of manual research online. We need to automate most of the information gathering in order to reduce our response time on our incident.
• Other automation projects for Threat Hunting purposes

Detect:

• Detection use cases (UC) needs to be created by the SOC to generates alerts when malicious activity occurs on our network. The SOC needs to stay up to date with state-of-the-art detection to catch the new emerging threats and leverage all the security deployed in our environment.

Respond:

• Every time a new detection rule is put in place we need make sure it works as intended. Someone needs to analyse the output of each alert and make sure they are relevant. Once the alerts are high fidelity, we can send them to our level one third party
• Each alert created needs proper Incident Response Playbook (IRP). Those IRP are built during the soaking period mentioned above

Mitigate:

• When security incident occurs the SOC needs to contain the breach and eradicate the threat.

The candidate will

• Propose new way to automate tedious aspect of the SOC analyst tasks
• Built scripts to retrieve valuable information on the internet that the SOC can leverage to
• Help detecting threats
• Help triaging the alerts
• Help classify the alerts
• Identity data leakage in public cloud (aka Github, Pastebin, Slideshare, etc.)
• Built UC to detect threats that could impact SG
• Built the documentation of those UC
• Built the IRP for all detection built
• Test the quality of the detection built by the team
• Support the level 1 third party SOC in investigation
• Follow established process to respond to confirmed incident
• Participate in post-mortem after each major security incident