Senior Cyber Defence Analyst | Fredericton NB
Who we are:
Bulletproof is a premier technology company founded in Atlantic Canada and driven by innovative, empowered and creative teamwork. More than 70,000 users on 6 continents trust us to keep their networks, data and identities safe.
Our Security Operations Center protects our clients 24 hours a day by providing extensive Cyber Security Services, including best-in-class technology offerings.
It is an exciting time to join the Bulletproof team! As part of the GLI family of companies, we provide our employees the opportunity to be part of a global company within an exciting industry.
What we offer:
You will find a relaxed and collaborative work atmosphere at the Bulletproof SOC, with flexibility to accommodate your individual needs. We pride ourselves on having an inclusive company culture that fosters innovation and growth through diversity and equality.
We’ll help you grow with a strategy that will support you every step of the way. First, we’ll give you access to the training courses you need to become the expert you want to be. Then, you’ll learn directly from experts in the field (our team leads love to mentor). When you’re ready, we’ll give you the opportunity to work in many different areas within the SOC, to figure out what really excites you.
For this position, we offer a market-competitive salary, two weeks of paid vacation, a pension plan and health insurance.
The Senior Cyber Defence Analyst works full time at the Security Operations Center (SOC) as a subject matter expert, monitoring security events from internal security devices and authentication services associated with the organization’s security controls.
They possess strong technical and analytical skills and provide accurate evaluations of security-related problems. They have a well-rounded networking background and are responsible for performing extensive troubleshooting of issues in the SOC. They are user-focused and work to resolve problems and address user needs in a timely manner. This work includes resolving hardware and software failures, investigating and responding to security threats, and submitting change requests for the security policies of devices.
Who you are:
- Communicate proficiently, both orally and in writing.
- Are sensitive to clients’ needs and can develop warm client relationships.
- Take initiative and produce results.
- Collaborate effectively with a talented team.
- Suggest and carry out practical actions to deal with issues.
What you will do:
- Characterize and analyze network traffic to identify anomalous activity and potential threats.
- Coordinate with enterprise-wide and customer-wide cyber defense staff to validate network alerts and assist in cyber incident response by articulating the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.
- Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
- Perform cyber defense trend investigation and reporting.
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
- Perform security reviews, identify gaps in the security architecture, and recommend remediation.
- Provide reports of network events and activity relevant to cyber defense practices.
- Receive and investigate network alerts from various sources within the enterprise and propose possible causes of such alerts.
- Investigate identified malicious activity to determine the weaknesses exploited, the exploitation methods used, and the effects on systems and information.
- Examine network topologies to understand data flows through the network.
- Conduct research, evaluation, and correlation across a wide variety of data sets.
- Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.
- Isolate and remove malware.
- Reconstruct a malicious attack or activity based on network traffic.
- Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats.
- Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, SecurityFocus) to stay current on the cyber defense threat condition and identify which security issues may affect the enterprise.
- Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
- Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
What you know:
- Cyber threats and vulnerabilities.
- Cybersecurity and privacy principles, best practices, frameworks and standards such as NIST, PCI DSS and HIPAA.
- Cybersecurity technologies such as Firewalls, IDS, IPS, SIEM and other detection tools.
- Cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
- How to use network analysis tools to identify vulnerabilities.
- Encryption methodologies.
- Computer networking concepts and protocols.
- Cybersecurity incident response and handling.
- Operating systems.
- Network attacks and a network attack’s relationship to both threats and vulnerabilities.
- Network tools (e.g., ping, traceroute, nslookup).
- Different types of network architectures (e.g., LAN, WAN, MAN, WLAN, WWAN).
- OSI model and underlying network protocols (e.g., TCP/IP).
- Packet-level investigation using appropriate tools (e.g., Wireshark, tcpdump).
- Network protocols such as TCP/IP, DHCP, HTTP, FTP, NTP and DNS.
What you bring:
- Bachelor’s degree in Computer Science, or equivalent experience relevant to network security together with relevant industry certifications.
- 3-5 years of related experience in a network support and/or network operations role, or any combination of education and experience that provides an equivalent background.
- IBM QRadar administration expertise is not essential but will be considered a plus.
- CISSP and other technical security certifications (e.g., Information Systems Security Architecture Professional (ISSAP), Information Systems Security Engineering Professional (ISSEP), Certification and Accreditation Professional (CAP), or equivalent certifications) will be considered a plus.
Bulletproof is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Bulletproof is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
Sound like a fit for you?