Are you a cybersecurity enthusiast? Are you tired of hearing about constant cyber attacks on Canadian education institutions, and want to do something about it? Do we have an opportunity for you!
Cybera is a not-for-profit agency whose mission is to improve the lives of Albertans through the use and advancement of digital technologies. We serve the province’s education, enterprise, research and government sectors.
We have developed a regional Security Operations Centre (rSOC) that supports the effective detection of and response to cybersecurity threats targeting Alberta’s post-secondary institutions.
As a SOC Analyst, you will have a strong hands-on and technical focus, with broad security knowledge, experience and a deep understanding of various SOC domains and incident stages (covering preparation, identification, containment, eradication, recovery and lessons learned). A critical success factor for this role will be the ability to effectively identify, triage and investigate an incident end-to-end, including escalation and resolution with end users. Between monitoring and responding to incidents, you will be focused on the ongoing uplift of the SOC service, including people, processes and technologies.
In this role, you will be enabled to challenge the status quo, think outside the box, and apply a growth mindset to develop new and innovative solutions to complex challenges. This will be supported by a focus on continuous training and exposure to leading security technologies, including a big data and analytics platform providing full flexibility to build advanced defences for cyber threats, with the support of our SOC Security Specialists.
We will ask you to:
- Conduct proactive monitoring, investigation, and escalation of security incidents.
- Recognize any potential, successful, and unsuccessful intrusion attempts and compromises through correlation analysis of relevant event details and summary information.
- Investigate malicious phishing emails, domains and IPs using open source and sector intelligence.
- Provide mitigation guidance and support in response to identified threats.
- Continuously build and evolve high confidence and high fidelity detection rules leveraging anomalous or suspicious events, in collaboration with other SOC team members, including SOC Security Specialists and Operations.
- Actively contribute to the continuing development of the SOC architecture, processes, procedures, standards and methodologies.
- Be a power user of the Security Orchestration, Automation and Response (SOAR) platform for case management and enrichment/response playbooks.
- Utilize techniques for investigating host and network-based intrusions using SOC technologies.
- Report false positives, detection rule issues and parsing issues to the SOC Security Specialists and vendors for remediation.
- Work in close partnership with both internal and external (i.e., customer and vendor) stakeholders.
- Act as the first point of contact for security incidents and requests into the SOC, in line with set SLAs.
- Apply cybersecurity and privacy principles to organizational requirements.

Your professional tool-kit should include:
Education and Experience
- Minimum one year in a SOC environment.
- Experience documenting cybersecurity processes, procedures, and playbooks.
- (ISC)2, CompTIA, GIAC, or other relevant cybersecurity certifications are desirable.

Skills
- Understanding of cybersecurity risks to the academic sector.
- Ability to identify, analyze, document, and report relevant threats and incidents.
- Experience in identifying and containing security incidents.
- Experience automating investigations and processes using basic scripting and tooling.
- Practical understanding of patch and vulnerability management.
- Demonstrated ability to gain trust and credibility from internal and external stakeholders.

Technical Proficiencies
- Experience with SIEM and UEBA technologies.
- Experience with SOAR technologies and playbook development (Demisto, Cortex XSOAR and/or Phantom would be advantageous).
- Experience with EDR technologies (such as Defender ATP, CrowdStrike).
- A thorough understanding of the MITRE ATT&CK framework and Cyber kill-chain.
- Ability to document and explain technical details clearly and concisely to both technical and non-technical audiences.
- Practical networking experience with a deep understanding of TCP/IP and other network protocols.
- Practical experience with Forensic Incident Response Triage and Investigation techniques and technologies.
- Experience with using and optimising a range of threat intelligence feeds.
- Excellent troubleshooting and analytical thinking skills.
- Strong documentation and communication skills.

These requirements represent an ideal candidate. The potential of the individual’s background and experience to meet the responsibilities and expectations of the role is considered in all instances.
This is your opportunity to be a part of a newly formed SOC that will change the security landscape for post-secondary institutions!
Schedule and Conditions of Employment:
As part of the SOC team, you will be working a rotating schedule that shifts throughout the year. Our team ensures coverage seven days a week.
Selected candidates will be required to provide a satisfactory employment and criminal record check as a condition of employment.
Compensation and Location:
This position is based in our Calgary office. Salary will be commensurate with experience. No relocation costs will be awarded.
This is your opportunity to work for a flexible, tech-forward company that is helping Canada become a more equitable place to work, learn, and play!
We offer:
- A flexible work environment.
- Highly supportive and inclusive work culture.
- 35 hour work weeks.
- Benefits:
  - Health & Vision benefits from day one
  - Long & Short term disability benefits from day one
  - Flexible Health Spending Account (after successful probation)
  - $1,500+ annually for your professional development
  - Regular Lunch & Learns - from department updates to EDI topics
  - Internal Mentorship program
  - RRSP program (after successful probation)
  - Healthy snacks in the office — and sometimes unhealthy snacks
  - 10 days per year to use for sick time or mental health days
- The opportunity to invest in yourself and your career.

How to Apply:
This posting will remain open until a suitable candidate is found. Your application should include a resume and a detailed response to two application questions, which demonstrate how your skill-set matches the position requirements (of course we don't expect you to have them all!). While we appreciate all applications, only candidates selected for an interview will be contacted. No phone calls or recruiter assistance at this time, please.
All qualified applicants will receive consideration for employment without regard to race, religious beliefs, colour, gender, disability, age, ancestry, place of origin, marital status, source of income or family status of that person or of any other person.