University Health Network Security Analyst in TORONTO, Ontario
Security Analyst - TORONTO, Ontario
JOB POSTING 905465
Position: Security Analyst - PPT
Department: UHN Digital, Operations Centre (OC)
Site: Downtown Toronto location & other sites throughout the GTA
Reports to: Operations Centre Manager and Digital Security Manager
Status: Permanent Part Time
Salary: H004: $28.05 - $35.00 per hour (based on experience and competencies)
The candidate will have in-depth knowledge of cyber intelligence, security monitoring, event monitoring, incident response and handling, security operations processes, threat management and common industry technologies. The candidate must be able to perform cross-functional and other applicable duties consistent with the job description and as required/requested. The candidate will also be responsible for researching emerging trends and standards in IT security; assisting with security audits; managing corporate security policies and standards; and recommending policy changes to the Security Architect and implementing those that are approved.
Key responsibilities include monitoring and optimization of the servers, utility servers, storage, network, teleconference equipment, and patient and facility monitoring systems. The analyst is also responsible for monitoring systems for threats from all attack vectors, including the perimeter and e-mail. The Operations Centre teams are composed of infrastructure-focused and security-focused staff; incidents are escalated to L1 or L2 infrastructure or security support staff as required.
The UHN Digital Operations Centre operates on a 24 x 7 basis, working in 12 hour shifts. Permanent part time staff are guaranteed two (2) 12 hour shifts per week, with the potential for more hours as needed. The shifts include days, nights, weekends and statutory holidays.
Protect and defend UHN’s network.
Monitors all aspects of the Operations Centre (OC), including infrastructure and security functions.
Works with Infrastructure Engineering to ensure systems are properly maintained in a safe and secure manner.
Works with other teams within UHN Digital to ensure that OC tools are properly patched and working.
Escalates system and services incidents and problems to the appropriate L2 support group.
Works with Infrastructure Engineering, Architects, Security Operations, and other staff to ensure Operations Centre meet the organization’s ongoing requirements.
Aids in in-depth investigation of events of interest identified during threat hunt activities or security alerts received from various security technologies as per defined investigation and response procedures.
Contributes to the tuning and development of SIEM use cases and other security control configurations to enhance threat detection capabilities.
Performs event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
Analyze activity trends in client environments using a mix of tools and analytical methodologies to hunt for threats not otherwise detected by configured security alerts.
Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
Build hunt threat profiles based on various intelligence-gathering techniques.
Conduct threat scenario analysis to develop new use cases with relevant attack vectors, and develop attack scenarios in order to formulate hunting strategies to identify the presence of threats that are going undetected by existing security controls.
Liaise with appropriate internal stakeholders during the investigation process to determine whether a security incident has occurred, identify the root cause and provide appropriate recommendations for remediation.
Build knowledge of and stay current on developments in the cyber threat landscape to adapt investigation techniques and provide recommendations to the client on responding to and remediating related incidents.
Create monthly threat hunting reports.
Maintain an up-to-date threat hunting document repository.
Test and tune SIEM components, rules, alerts etc.
Develop internal documentation (playbooks & processes) for OC analysts based on correlation rules.
Document and escalate incidents (including the event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, misuse activities, and distinguish these incidents and events from benign activities.
A Bachelor's Degree / Diploma in a relevant area of study with a preference for Computer Science, Information Security or a Bachelor of Technology
Minimum of two (2) years working experience in Cyber Intelligence or as a threat hunter ideally working within a CIRT.
Strong knowledge of threat intelligence and threat hunting.
Strong analytical and investigative skills.
Knowledge of technical security controls and mitigations.
Good working knowledge of one or more of the following topics: common security threats, industry best practices, security technologies.
Strong working knowledge of advanced endpoint analytics.
Experience with the Cyber Kill Chain model.
Must have experience in IPS/IDS, Firewalls, End-Point Protection and SIEM.
Knowledge of digital forensics and malware reverse engineering.
Knowledge of computer network defense (CND) and vulnerability assessment tools, including open source tools, and their capabilities.
Knowledge of incident response and handling methodologies.
Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or SANS certification. Vendor-specific training and certifications are an asset (Forescout, Cisco, Splunk, CyberArk, BeyondTrust and Palo Alto).
If you are interested in making your contribution at UHN, please apply on-line. You will be asked to copy and paste as well as attach your resume and covering letter. You will also be required to complete some initial screening questions.
Posted Date: September 23, 2022 Closing Date: October 13, 2022, or until filled
University Health Network thanks all applicants, however, only those selected for an interview will be contacted.
For current UHN employees, only those who have successfully completed their probationary period, have a good employee record along with satisfactory attendance in accordance with UHN's attendance management program, and possess all the required experience and qualifications should apply.
UHN is a respectful, caring, and inclusive workplace. We are committed to championing accessibility, diversity and equal opportunity. Requests for accommodation can be made at any stage of the recruitment process, provided the applicant has met the bona fide requirements for the open position. Applicants need to make their requirements known when contacted.