Are you passionate about cybersecurity? Do you consider yourself a cybersecurity expert? Are you motivated by curiosity, driven for success and have excellent customer service skills? Are you looking for a great opportunity to shine? Do you like working in a fun, fast-paced and rapidly growing work environment? CDW is currently looking for an experienced Information Security Specialist (L3) to join its 24x7 Security Operations Center (SOC) team for a full-time day shift.
The Information Security Specialist is the subject matter expert (SME) for our supported SIEM technology, as well as next-generation firewall (NGFW) technologies. This role also acts as the escalation point for security investigations raised by the L2 team within the SOC.
Your background should include expert knowledge of SIEM, including log integration, use case development, deployment and management, feature enablement, troubleshooting and support, and client on-boarding. You should have previous experience with logging and monitoring, preferably from an L2 SOC role, and be an experienced and agile security investigator. You should have a good understanding of network security practices. Excellent customer service while solving problems should be a top priority for you. CDW is a fast-paced, entrepreneurial environment, so to be successful you'll need to be a proactive individual, take direction well, communicate succinctly and collaborate effectively.
Core Responsibilities:
- Be a subject matter expert on SIEM technology such as LogRhythm, QRadar or Splunk including deployment, configuration, maintenance, use-case management
- Conduct incident investigations in the SIEM on cases escalated from the Level 2 team or the client, applying strong investigation skills.
- Have experience with at least one of the following next-generation firewall platforms: Palo Alto, Fortinet, Cisco, Juniper.
- Perform threat hunting on customer networks to detect and isolate threats and provide recommendations to customers.
- Excellent business communication and presentation skills, including the ability to translate technical details into plain language.
- Act as designated lead on customer on-boarding projects to ensure a successful transition to SOC for security monitoring services.
- Act as a point of escalation for tier 2 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques.
- Prepare monthly security reports for managed clients, including analysis and recommendations, and present them to customers during monthly meetings.
- Follow the Security Use-Case Management Framework, continually improve and tune SIEM use cases and assist in maintaining the SIEM use case library.
- Mentor L2 security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks in support of technologies managed by the SOC.
- Work as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats.
- Participate in security incident management and vulnerability management processes.
- Participate in evaluating, recommending, implementing, and troubleshooting security solutions and evaluating IT security of the new IT Infrastructure systems.
- Develop strong relationships with vendors and escalate issues to them as needed to support the SOC and customer environments.
- Communicate effectively with customers, teammates, and management.
- Follow ITIL practices regarding incident, problem and change management.
- Stay up-to-date with emerging security threats including applicable regulatory security requirements.
- Be aware of the company's information security requirements, including immediately reporting all information security breaches to the CSO (Chief Security Officer) and taking whatever other actions are required under the terms of the ISO 27001 information security policies, the Information Security Management System (ISMS) and other company security policies and procedures.
- Be aware of and abide by all company policies and procedures (e.g. Employee Code of Conduct).
- Other responsibilities and additional duties as assigned by the security management team.
- Security Operation Center positions require employees to obtain and maintain a Government of Canada Level 2 – Secret security clearance. This clearance requires Canadian Citizenship or Permanent Resident status with 5 years residency in Canada.
Ideal candidates will have as much of the following:
- A Bachelor's Degree / Diploma in a relevant area of study with a preference for Information Security, Computer Science or Computer Engineering
- Preferred Information Security professional designations such as CISSP, CISM, CISA
- Preferred SIEM vendor certifications (LogRhythm, QRadar, Splunk)
- 3-5 years of previous security experience conducting security investigations and working with SIEMs and NGFWs.
- Security monitoring experience with one or more SIEM technologies (LogRhythm, QRadar, Splunk) and with intrusion detection and prevention technologies.
- Ability to analyze data, such as logs or packet captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents.
- Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP
- Strong knowledge of IT including multiple operating systems (Windows, Linux, Unix).
- Strong knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products.
- Strong understanding of security incident management, malware management and vulnerability management processes.
- Detail oriented with strong organizational and analytical skills.
- Strong written and verbal communication skills as well as presentation skills.
- Self-starter, work independently and adjust to changing priorities, critical and strategic thinker, negotiator and consensus builder.
- Hands-on incident response (breach response) experience would be considered an asset.
- Understanding of programming and scripting such as Python, Perl, Bash, PowerShell, C++ would be considered an asset.
- After-hours availability may be required on occasion.