L2 Security Analyst

Kobalt

IT
Calgary, AB, Canada
Posted on Friday, July 5, 2024

About Us: At Kobalt.io, our mission is to solve cyber security for SMBs at scale. We believe small businesses are the engine behind innovation and growth. Understanding the challenges that our customers have enables us to design and refine scalable cyber security services that support a secure path to growth. This is reflected in everything we do from the programs we build, to the partnerships we have developed with companies such as Vanta, Prescient and Sumo Logic.

Role Overview: Our SOC is at the heart of our business. We are looking for team members who have a real passion for security. The Security Analyst is an engaged contributor within Kobalt’s Security Operations Centre (SOC). They are responsible for supporting the ongoing development and operations of SOC services, geared towards small to medium enterprises.

Kobalt’s monitoring systems use industry-leading frameworks and tools to deliver a best-in-class solution that monitors and alerts clients about security issues that may impact their business.

If you are ready for a new challenge and want to join a growing team, this is your opportunity. Kobalt provides SOC services for numerous technologies supporting small and medium enterprises. If you want to be a part of this journey, we would love to hear from you.

Responsibilities

  • Investigations: Investigate alerts, analyze the evidence, document findings and raise security incidents as required.
  • Escalations: Act as the point of escalation for Tier I analysts for complicated alerts, customer enquiries and issues with the tool set.
  • Scans: Run, interpret and communicate the results from periodic vulnerability scans of customer environments.
  • Reports: Create weekly reports for customers that include the interpretation of event patterns and suggest improvements to their security posture.
  • Meetings: Conduct regular meetings with customers to review alerts, patterns and vulnerability scan results and to make related suggestions.
  • Onboarding: Work with customers to ingest individual log sources into Kobalt’s various security tools and build use cases, dashboards and run books.
  • Continuous Service Improvement: Create new alert rules, tune existing rules, create and refine automation and write and improve processes, documentation and run books.
  • Maintenance: Perform upgrades and resolve problems with Kobalt’s security tools.
  • Analyst Support: Train, support and guide Tier I analysts on security procedures, tool usage, investigation and ticket handling through documentation, meetings and one-on-one sessions.
  • Project Work: Learn and implement new tools, use old tools in new ways, ingest new or custom log sources and create or revise the related documentation.
  • Collaboration: Work with team members to assist with improvements, discovery and production of creative and insightful security use-cases.
  • Participation in an on-call rotation is required.

Ideal Qualifications

  • Diploma or Degree in cybersecurity or a related field and/or equivalent experience.
  • Recognized cybersecurity certification such as CompTIA SEC+
  • 3 - 5 years of on-the-job experience in a Security Operations Center (SOC)
  • Intermediate to expert experience working with SIEM tools such as Sumo Logic, Splunk and Azure Sentinel.
  • Familiar with the MITRE ATT&CK framework
  • Working knowledge of OWASP Top 10.
  • Proficient in scripting with PowerShell, Python, Shell, Perl or a similar language with a good grasp of regular expressions.
  • Passionate about cybersecurity.
  • Enthusiastic and curious.
  • Comfortable with speaking to diverse audiences in meetings and presentations.
  • Understand the incident handling process and ticket handling.
  • Excellent written communication skills.
  • Excellent verbal communication skills and able to explain cybersecurity incidents or concepts to technical and non-technical audiences.
  • Able to perform in a fast-paced environment.
  • Strong and collaborative team player.
  • Able to provide on-the-job training and knowledge sharing to other analysts
  • A strong self-starter with the ability to find tasks rather than wait for them.
  • Adaptive and able to pick up new concepts quickly.


Assets

One or more of the following experiences or skills would be considered an asset.

  • ITIL (v3 or v4) Foundations
  • Experience as a system, network or firewall administrator.
  • Experience securing different types of hardware: servers, firewalls, switches.
  • PCAP collection and analysis using tools such as tcpdump and Wireshark
  • Working knowledge of the OSI network protocol stack, including major protocols such as ICMP, TCP, UDP, SMTP, HTTP, FTP, SNMP and SSH
  • Understanding of popular cryptographic algorithms and protocols such as AES, MD5, SHA, SSL/TLS, etc.