Reference #: 5984
Location: Remote
Remote Type: Sub-contract

Donna Cona Inc. is currently seeking a Security Operations Centre (SOC) Analyst. The SOC Analyst will be responsible for combining multiple sources of evidence to determine how a security incident occurred and what steps are needed to remediate it, and for building capabilities that close information gaps, strengthen cloud defences, and defend users from emerging security threats, for one of our key government clients.

Candidate MUST have the following:

  • Minimum 7 years of applicable IT experience;
  • Experience working in a Security Operations Centre;
  • Experience in a technical support/helpdesk environment and knowledge of cyber security;
  • Experience in responding to, investigating, and recovering from compromise and data breach events;
  • Prioritizing alerts and issues and performing triage to confirm security incidents;
  • Performing analysis on true positive alerts to determine root cause and impact;
  • Collaborating with teams to create and potentially execute incident mitigation and remediation plans;
  • Evaluating security risks and their impact to the Microsoft Cloud platform and other online services;
  • Creating technical documentation for other analysts and other teams to follow; and
  • Supporting cross-government incidents and crises.

Candidate will have the following demonstrated experience:

  • Implementing best-fit security measures and controls in alignment with industry-leading practices for cloud-based services such as M365 (including Azure AD, Exchange, SharePoint, OneDrive and Teams) and Zoom;
  • Familiarity with the various types of multi-factor authentication for on-premises and cloud-based infrastructure;
  • Analyzing various segments of infrastructure, including firewalls, syslog systems and central identity platforms from suppliers such as Cisco, Palo Alto and/or Zscaler, to assess and investigate security incidents or IOCs;
  • Maintaining intimate knowledge of IT security trends and events;
  • Recommending security enhancements;
  • Monitoring networks for security breaches and investigating violations when they occur;
  • Assisting with the development of security standards and best practices for the organization, for both cloud computing and on-premises environments;
  • Analyzing and resolving security incidents across M365 (e.g. Office 365 ATP, Office 365, Azure AD and MDATP) as well as across Microsoft (Azure, Corporate Security);
  • Using Azure Sentinel and related solutions to manage incidents and threat responses;
  • Cataloguing all incident reports and resolutions in ticketing solution and SharePoint repository;
  • Documenting resolution under incident categories in the security tools;
  • Proven experience working in security teams with responsibilities across engineering, security operations, and/or cybersecurity investigations;
  • Deep understanding of Security Operations Center and Security Incident Response Team processes and procedures;
  • Understanding of various attack vectors, threat tactics and attacker techniques, including APTs, malware, DDoS and exploits;
  • Proven success driving change based on learnings from incidents: Post Incident Reviews (PIR) / After-Action Reports / Post-Mortems;
  • Understanding of Advanced Persistent Threat (APT) and associated tactics, targeted attacks, various credential compromise techniques;
  • Familiarity with various attack and detection frameworks such as MITRE ATT&CK;
  • Good knowledge of kill-chain model, ATT&CK framework, and modern red team tactics and techniques;
  • Ability to work effectively in ambiguous situations and respond favorably to change;
  • Completing incident reports and submitting them to the Director of ICT;
  • Desire to work in a continuous-learning environment where responsibilities are matrixed across various peer teams, and where new challenges arrive each day that need to be solved with innovative thinking; and
  • Excellent communication skills and situational awareness, working closely with other technical specialists and system administrators.

Nice to Have:

  • Any of the following: CompTIA Security+, or GIAC certifications (GCIA, GCIH, GCFE, GCFA);
  • Ability to work with KQL, Logic Apps, Flow and Power Automate;
  • Security-related certifications such as CISSP, CEH, Microsoft 365 Security Administrator or Azure Security Engineer Associate.
