JOB SUMMARY:

SaskPower is seeking an individual experienced in security analysis and incident response to support daily operations and help grow and mature our Enterprise Security team.  This office position is located in Regina, Saskatchewan.

As a Cyber Security Specialist you are a continuous learner, who will be responsible for evolving new detection methodologies, participating in threat actor investigations, and providing expert support to incident response and Security Orchestration, Automation and Response (SOAR) monitoring functions. The focus of the Cyber Security Specialist is to detect, disrupt, and eradicate cyber security threats. The position uses data analysis, threat intelligence, and cutting-edge Cloud and on-premise security technologies. As a member of a team, you will support the Enterprise Security team by applying analytic and technical skills to investigate intrusions, identify malicious activity across Cloud, email, network, and endpoint environments, and perform incident response.    
 

KEY ACCOUNTABILITIES:

• General SIEM/SOAR monitoring, analysis, response to various types of cyber security alerts/incidents.
• Experience in building custom detection logic and automating response workflows within SOAR platforms.
• Conduct analysis of network traffic and host activity across a wide array of technologies and platforms
• Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
• Compile approved detailed investigation and analysis reports for business, and delivery to management
• Maintain knowledge of various threat actors and associated tactics, techniques, and procedures (TTPs). 
• Analyze network traffic, IDS/IPS/DLP events, packet capture, and FW logs. 
• Analyze malicious campaigns and evaluate effectiveness of security technologies. 
• Develop advanced queries and alerts to detect adversary actions.  Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed. 
• Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies. 
• Lead response and investigation efforts into advanced/targeted attacks, including email threats/campaigns. 
• Provide expert analytic investigative support of large scale and complex security incidents. 

KNOWLEDGE/SKILLS/ABILITIES:

• 5+ years of relevant and documented cyber security experience in IT Security, Incident Response, email and network security.
• Considerable experience with the incident response process, including detecting advanced adversaries using Splunk and/or Azure / Microsoft Security tools. 
• Strong analytical and investigation skills & active threat hunting and adversary tracking. 
• Working knowledge of security architectures, devices and threat intelligence consumption and management within Cloud, network, email and endpoint.
• Working knowledge of root causes of malware infections and proactive mitigation. 
• Working knowledge of lateral movement, footholds, and data exfiltration techniques. 
• Track record of creative problem solving, and the desire to create and build new processes. 
• Experience with packet flow, TCP/UDP traffic, firewall technologies, IPS technologies, proxy technologies, and Active Directory.
• Knowledge of the underlying logic that security alerts are built upon and apply them when analyzing raw logs and creating new dashboards and alerts. 
• Knowledge of typical behaviors of both malware and threat actors and how common protocols and applications work at the network level, including DNS, HTTP, and SMB. 
• Strong time management and multitasking skills as well as attention to detail as well as strong collaborative skills and proven ability to work in a diverse team of cyber security professionals. 

DESIRED EXPERIENCE:
 

• Experience with one or more languages (e.g., Python, Kusto Query Language, Splunk – SPL, PowerShell, Jupyter Notebook, Rest API) 
• Demonstrated knowledge of the Splunk search language, search techniques, alerts, EDR platforms, dashboards and report building. 
• Demonstrated experience in Digital Forensics
• Deep understanding of Microsoft Exchange configuration
• Experience with Netflow or PCAP analysis. 
• Experience with computer exploitation methodologies 
• Familiarity with regulatory and compliance requirements such as NIST, CIS Controls, or ISO 27001 is an asset.
• Relevant Microsoft Security certifications
• CISSP, CISM or a GIAC certification is preferred