SIEM Analyst

Summary

As pioneers of cybersecurity thought leadership in Canada’s research and education sector, ORION is committed to keeping our digital community safe by helping improve their cybersecurity posture. The successful candidate will have the opportunity to work collaboratively with cybersecurity experts across Ontario, Canada, and around the world.

ORION is a not-for-profit organization dedicated to empowering Ontario researchers, educators and innovators. We foster a community of more than two million users at more than a hundred universities, colleges, hospitals and research institutions, as well as most of Ontario’s school boards. We enable ground-breaking discoveries and cutting-edge education by connecting institutions and regions through our network, facilitating collaboration, and providing our community with the digital tools and expert support they need to make the world a better place.

What are we looking for

The candidate for the position of SIEM Analyst is required to have a strong understanding of Security Information and Event Management (SIEM), vulnerability assessment frameworks, infrastructure detection and discovery techniques, configuration and deployment of Intrusion Detection and Prevention Systems (IDS/IPS), host-based and network-based firewalls, host-based and network-based forensics frameworks, and the use of penetration testing techniques and tools to actively secure organizational assets.

This role is for those with technical troubleshooting and/or previous industry experience only.

You’ll need to have:

  • Passion and enthusiasm for cyber security
  • Strong communication skills to work with both a collaborative cross-functional team of peers and other departments within the company.
  • 2+ years of experience in security event analysis & triage, incident handling and root-cause identification
  • 2+ years of working knowledge of security information and event management (SIEM) technologies.
  • 1 to 2 years of experience with building parsers using Regular Expressions (regex)

Even better if you have:

  • Direct working experience related to FortiSIEM & Zeek IDS
  • Experience in automation of tasks through scripting or programming with Python.
  • 1 to 2 years of experience with security analytics solutions such as the ELK stack

Responsibilities and Duties

  • Support the SIEM team at ORION by working on all phases of the detection, investigation and resolution of cyber security events flagged by the various detection systems in use.
  • Implement a base set of rules and fine-tune the configuration to provide meaningful reporting to the Senior Analyst.
  • Support the service request intake process and communicate back to requestors promptly
  • Help to develop and configure use cases, and alerting rules within SIEM technologies.
  • Develop reports in Kibana to track changes to current event log volume and sources by week, by month, and by device type
  • Analyze security events and incidents to determine the root cause and apply the appropriate mitigation measures as outlined in the organization's incident response plan
  • Triage and analyze security events, then prioritize and escalate alerts that exceed the SIEM threshold
  • Assist in updating/developing, implementing and operating requisite processes and procedures.

Desired Certifications and Education

  • Bachelor’s degree from an accredited college or university in Computer Science, Information Systems, or related field.
  • An equivalent combination of related education and experience may be substituted
  • At least one of the following security certifications is preferred: CompTIA Security+, CCNA Cyber Ops, GIAC GSEC, ISC2 SSCP, CTIA

Applications

Please apply to jobs@orion.on.ca