Description:
The Detection Analyst is a critical role reporting to the Manager, Detection Enablement within our Global Security Operations Centre (SOC). In support of Great-West Lifeco global security operations, the detection analyst will help mature the detection processes and capabilities to better defend our environments. You will be on the front lines of innovation, working with a highly motivated team focused on identifying and developing solutions to detect and stop adversaries. This role will support our global 24/7 SOC by providing high-fidelity signals and technical analysis aimed at detecting adversary tactics, techniques, and behaviors.
What You Will Do
- Actively work with our threat operations, threat intelligence, and detection engineering teams to enhance the processes that support the SOC team’s mission:
  - Assist threat modelers with architecture analysis, threat modeling and technical design reviews of various solutions
  - Ensure detection coverage aligns with threat model findings
  - Translate threat model outputs into actionable detection requirements
  - Define detection use cases and data source requirements
  - Perform detection gap analysis between threat models and SIEM telemetry
  - Prioritize detection use cases
  - Work with stakeholders to ensure effective implementation of detection use cases
  - Define and tune data sources to better identify and stop threat actor activity
What You Will Bring
- Query language proficiency (YARA, SQL, KQL, etc.)
- Experience with git and common continuous delivery processes, JIRA and Confluence
- Effective written and verbal communication skills
- Strong community building or group collaboration skills
- Ability to self-teach, research, or quickly learn new technical and non-technical topics
- Ability to break down complex problems or systems using a hands-on approach
- Solid technical background related to at least one of application development, systems administration, network administration, systems architecture, cloud service providers
- Strong cybersecurity and application security background
- Familiarity with the core functionalities of security operations centres and detection engineering teams
- Ability to work independently and function effectively as part of a team in a dynamic environment
- The ability to work under stressful conditions for sustained periods of time
- A desire to make it harder for adversaries to succeed
- A degree or equivalent education in a related discipline such as Computer Science or Cyber Security, or a Certification in Information Security, or a combination of training and experience within Cyber Security
- Experience working in a SOC environment
Specialized Knowledge
- Analytical capabilities and a strong ability to think creatively when approaching issues
- An ability to analyze logs from multiple sources (e.g. firewall, cloud, endpoints) to identify and investigate security events and anomalies
- An understanding of cyber advanced persistent threats, threat actors, IOCs and TTPs
- Deep understanding of Cloud and Application Security Best Practices, including threat modeling
- Familiarity with Lockheed Martin Kill Chain analysis, the MITRE ATT&CK framework, and the STRIDE threat modeling framework
- Familiarity with the concept of detection engineering
- Ability to author written products for both peer and management audiences
- Understanding of security technologies (intrusion detection/prevention system, network and operating system security, network firewall, WAF, SIEM, log management, VPN)
- Familiarity with incident handling processes and techniques
- Knowledge of the cyber threat landscape and how to apply attacker motivation, capability, and intent to an organizational threat profile
- Reliability Status Security Clearance – this can only be completed with candidates who receive an offer of employment. This is a personal security status that is required as a condition of employment before an employee can gain access to Protected B information, assets or work sites as outlined by the Government of Canada website. The cost of submitting these checks will be covered by Great West Life.