Responsible for investigating security incidents and determining their root causes. They review incidents that have been escalated by Tier 1 analysts, who are responsible for collecting data and reviewing alerts. Tier 2/3 analysts use threat intelligence, such as indicators of compromise, TTPs, and company host system/network data sets to assess the alerts, threats and potential incidents in more depth.

General Skills -

They have deep experience with SIEM tools specifically Crowdstrike SIEM, network data, host data, Identity and Access log data, developing SIEM use cases, reducing/tuning false alerts and leading investigations until issues have been resolved. They will also monitor systems and events across different operating systems, such as Windows, macOS, and Linux.

Specific Requirements -

Must have 5+ years recent experience as Tier 2 or 3 analyst at a large organization; government and Critical Infrastructure company preferred.

Must have strong, demonstrated SIEM and data correlation experience

Must have demonstrated experience designing new SOC use cases and working with vendor on implementing new use cases.

Must have experience designing and implementing runbooks and use cases to mitigate security incidents

Experience designing Incident Response plan, including alert definition, runbooks, escalation, etc..

Experience documenting incident response communications for technical and management audiences

Must have extensive experience reviewing and managing alerts in Microsoft Defender, Splunk

Must have experience conducting hunts across disparate data sets, to include host data, vulnerability data, threat data, network data, active directory data, among others to identify threats

Experience leading timely security operations response efforts in collaboration with stakeholders

Must have experience setting up alert rules and effective alert management

Demonstrated ability to create runbooks and conducting investigations with key application, IT Infra and other stakeholders

Experience designing custom SOC SIEM use cases in Defender, Splunk and CRWD

Experience conducting forensic work investigations

Strong security operations documentation abilities

Attributes sought -

Must be proactive, problem solver and curious.

Most be a problem solver

Must be curious

Must be analytical, qualitative and quantitative abilities

Must be adaptive to dynamic environment

**MST or PST shift times**

Apply now

See more open positions at Plurilock

Privacy policy Cookie policy

Communitech Hub

151 Charles Street West, Suite 100,
Kitchener, Ontario, Canada, N2G 1H6

Proud member of Canada's Tech Network

Hours: Monday - Thursday 8:30 a.m. - 5 p.m. ET
Friday 8:30 a.m. - 4 p.m. ET
Phone: +1 (519) 888-9944
Email: front.desk@communitech.ca

Connect with us

Government of Ontario logo

Government of Canada logo

Communitech acknowledges that the Hub is situated on the Haldimand Tract, land that was granted to the Haudenosaunee of the Six Nations of the Grand River, and are within the territory of the Neutral, Anishinaabe, and Haudenosaunee peoples.

To access services in French please email marketinghelp@communitech.ca