Our Customer is a leading global insurance company.
Our client is looking for a Cybersecurity Incident Response Manager to join and be part of their Cybersecurity department. In this role you will act as a Cybersecurity Incident Response manager and advisor. You will be joining and managing a team of Cybersecurity Analysts and collaboratively act as a liaison between various teams, business partners and technical teams such as Global SOC, Data Loss Prevention, Compliance, Threat Intelligence, Vulnerability and Risk Management, Governance, Identity and Access Management, Systems and Network Engineering, Software Development, 3rd Party Vendors/Suppliers, HR, Legal, etc. in a balanced manner.
The ideal candidate possesses a broad knowledge of information security systems and solid skills in Incident Response, Networking, Programming, and System Administration. They should have a background in many domains of IT, along with a strong ability and curiosity for learning and championing Cybersecurity and a passion for professional development.
This position reports to Sr. Manager Cybersecurity Operations.
A Degree in IT/Comp Eng. is required.
Location is Markham, GTA, Ontario.
Hybrid role – mix of in-office and remote WFH, currently 1 day / week in-office.
This is a perm/FT role.
Salary + bonus, pension, and benefits
Responsibilities
Managing a team of Incident responders and Threat Hunters
Defining and maintaining the Information Security Incident Management Process and building procedure documents for incident handling
Performing forensic investigations based on logs and other data, validating containment and remediation measures, and performing Root Cause Analysis (RCA) efficiently as needed
Managing, maintaining and improving Incident Response capabilities to detect, proactively hunt for and respond to sophisticated cyberattacks
Coordinating, monitoring, and supporting general activities related to cases, investigations and risk mitigation and analysis
Coordinating, communicating, sharing information, and working closely with various business units and teams within the company
Periodically conducting tabletop exercises to test the readiness of IR function
Working closely with the Cybersecurity Engineering team on implementing new monitoring rules and playbooks and on automating other manual tasks
Researching emerging threats to gain insight and understanding of the evolving threat landscape and its to the company.
Ensuring continuous improvement of the Cybersecurity posture
Qualifications
5+ years of hands-on experience in Cybersecurity, InfoSec, Security Engineering, Network Engineering with emphasis in Incident Response, Threat Hunting, and Cyber Security Operations
Outstanding knowledge in the following Cybersecurity domains:
Securing infrastructure in public clouds (AWS, Azure, GCP, etc.)
SIEM, Log Management, Network Security & Monitoring
Endpoint detection, protection and response
Cryptographic services
Computer Forensics
Vulnerability Management
SOAR and playbooks automation
IAM/PAM
Intrusion Detection and Prevention
Data Loss Prevention
Threat Intelligence and UEBA
Excellent problem-solving skills, ability to coordinate with different local and global teams
Ability to move quickly in a fast-paced and fluid environment, as well as influence peers and partners to prioritize issues as needed
High proficiency in creating and presenting incident summary reports
Familiarity with security frameworks such as NIST, PCI and CIS
Ability to plan, organize and prioritize tasks to complete within established time frames
Ability to work independently without direct supervision, self-motivated, and meet tight timelines
Outstanding technical skills, knowledge of network protocols and network communication principles, understanding of vulnerabilities and remediation techniques
Excellent written, verbal, and interpersonal skills
Continuous improvement demeanor
Professional and courteous in all interactions
Able to influence, innovate and drive Cybersecurity standard methodologies
Experience in AWS and Azure is a plus
University Degree in Computer Science/Engineering, Information Security/Technology or in a related technical field
At least one standard industry certification such as GSEC, CISA/CISM/CISSP/CSCS/CEH or equivalent certifications, or willingness to obtain one within 12 months
The role will be based out of one of our offices: Markham, Toronto or Oakville.