SOC Analyst with ArcSight Experience
We are looking for SOC Analysts to provide advanced security analysis within a Security Operations Centre located at one of our major federal government clients in west Ottawa. The responsibilities of the SOC Analysts will include the following:
- Provide advanced analysis support for all data mining activities.
- Determine the appropriate course of action for events of interest.
- Build use cases in support of the incident management practice and business requirements.
- Configure use cases to support incident management practices.
- Automate security responses and integrate/coordinate activities responsible for managing vulnerabilities on ArcSight-monitored environments.
- Track threats and vulnerabilities to the security information and event management (SIEM) monitored environments.
- Maintain detailed information about monitored systems, networks and information flows throughout monitored environments.
- Maintain documentation to support security operations.
- Track and document changes to monitored environments.
- Maintain documentation and diagrams supporting all information flows within monitored environments.
- Maintain a list of assets located within monitored environments.
- Identify and track the criticality, confidentiality and owner of each network and system.
- Maintain and configure the SIEM solution to support incident management with the SOC.
- Follow standard operating practices for developing content within the SIEM solution.
- Configure the SIEM solution with the appropriate asset data and information classification.
Required Education and Experience
Successful completion of a post-secondary degree in Computer Science, Systems Engineering or related field, from a recognized academic institution; AND a minimum of three (3) years professional work experience in the Information Technology (IT) field, of which two (2) of the last five (5) years must be directly related to the development of information security solutions and/or the analysis of information security event logs.
OR
Successful completion of a two (2) or three (3) year college diploma in Computer Science, Systems Engineering or related field, from a recognized academic institution; AND a minimum of five (5) years professional work experience in the IT field, of which three (3) of the last five (5) years must be directly related to the development of information security solutions and/or the analysis of information security event logs.
OR
A minimum of eight (8) years professional work experience in the IT field, of which four (4) of the last six (6) years must be directly related to the development of information security solutions and/or the analysis of information security event logs.
Experience with the following is also desirable:
- Microsoft, Unix and Linux OS
- Network protocols including TCP/IP, UDP/IP
- Application network protocols including DNS, SMTP, HTTP, etc.
- Forensic ITS investigations
- Intrusion detection systems
