
Security Analyst

Ottawa, Canada

Job Reference Number: SWAT-CYB-OTT-04

Job Title: Security Analyst

Location: Ottawa, Canada

Salary/Package: Negotiable depending on experience

Additional Desired Skills:

Education Requirements & Experience

  • BE/B.Tech – CS/CSE or equivalent trade, CCNA, MCSE.

  • SIEM tool certification

  • CEH will be a plus

  • Experience level: 2-4 years

  • Good knowledge of:

      • SIEM – architecture and the working of its different components

      • Availability tools such as Nagios, PRTG, etc.

      • Windows Server administration

      • Linux server administration

Job Description

S.W.A.T - CYBERSECURITY INC. is a company providing managed detection and response (MDR) services to its global customers by monitoring their IT infrastructure for cyber security attacks. We are looking for a Security Analyst for our SOC Administration team who will:

a) Monitor, maintain and troubleshoot health-related issues of the SOC tools.

b) Onboard and troubleshoot devices, including non-reporting devices.

c) Lead and guide the team of Security Engineers on shift in resolving the incident tickets raised during the shift.

Responsibilities

  • Good knowledge of SIEM, SIEM architecture and SIEM health checks.

  • Good verbal/written communication skills.

  • Reviewing the daily health check of SIEM components such as the collector, processor, console, etc.

  • Data archiving, backup and purging as required and for compliance.

  • Raising change management tickets for SOC Administration activities such as SIEM patch upgrades.

  • Helping L3 and assisting L1 with the required knowledge base details and basic documentation.

  • Coordinating with L1 and the SOC Monitoring team on troubleshooting issues, and highlighting them to L3 for further resolution and escalation.

  • High ethics; ability to protect confidential information.

  • Fine-tuning correlation rules, creating monitoring dashboards and filtering traffic.

  • Building incident reports and checking whether the SLA has been met for incident alerting and incident closure.

  • Updating and maintaining the SOC knowledge base with new security incidents and documents.

  • Creating the daily status report sheet and submitting it to the SOC lead for review.

  • Reviewing advisories and putting the necessary detection measures in place.

  • Troubleshooting non-reporting devices and maintaining device status.

  • Working with the OEM (tool support) to resolve the issue or incident raised.

  • Administering the Windows servers on which the tools are installed.

Essential Skills

  • Acts as the escalation point for L1 and the SOC Monitoring team.

  • Good experience in SIEM administration and event flow architecture, and with the different types of logs generated by devices such as Windows, proxies, network devices, databases, etc.

  • Good understanding of firewalls, IDS/IPS and SIEM functioning (general HLD as well as LLD).

  • Deep understanding of Windows, databases, mail clusters, VMs and Linux commands.

  • Must have knowledge of onboarding different devices into a SIEM.

  • Knowledge of network protocols, TCP/IP and ports.

  • Team spirit and ideas that lead toward the resolution of issues.

  • Good verbal/written communication skills.
