Website TD Bank
We are looking for someone to perform a broad range of activities while working alongside and supporting others on the Engineering team. You’ll be involved in developing components of solutions with a focus on analytics, support, testing, and proof-of-concepts aligned to business and technology objectives. Think career growth potential!
Meaningful work is fueled by meaningful performance and career development conversations with your manager. Here’s some of what you may be asked to perform:
- Provide input and feedback for existing SIEM Cloud use cases, analyze and propose detection improvements.
- Participate in creating innovative ways to use a wide range of security event data to advance detection methods and product capability.
- Thoroughly document implementations, via technical documentation and playbooks for the client.
- Customer-facing role: walk stakeholders through, and whiteboard, the SIEM use case development process and implementation planning.
- Develop use cases in Cloud SIEM (Azure Sentinel) to detect advanced threats, actor techniques, anomalous or suspicious activity to identify potential and active risks to systems and data.
- Categorize SIEM use cases using MITRE ATT&CK framework, participate on Purple team testing and ensure successful implementation.
- Develop and lead workshop activities for security use case development and tuning, and for the processes and playbooks covering security event management use cases and security analytics onboarding/offboarding, intake management, requirements analysis, remediation, and reporting.
- Integrate various data streams into the SIEM platform; develop and improve correlations across SIEM platforms to enhance detection posture.
- Design and drive technical plans toward security analytics management objectives such as: integration of events from cloud/on-prem platforms into the enterprise SIEM; implementation of use cases/policies; net-new security use case development to support Security Logging & Monitoring/UEBA; accounting for the effect of the evolving threat landscape on the overall set of existing security use cases.
- 3 to 5 years’ work experience in information security, cyber security, data protection or a related field
- Security Analytics and UBA: 2+ years of experience in performing security event management, security information and event management and/or security analytics configuration and management, security use case development and tuning, and operational management and administration.
- Possess a firm understanding of the capabilities within Amazon Web Services (AWS), GCP, and Microsoft Azure platforms.
- Experience with modern security related subjects and trends such as threat hunting and modeling, digital forensics, reverse engineering, phishing, and penetration testing.
- Experience and exposure to threat modeling and design reviews to assess security implications and requirements for introduction of new technologies.
- Familiarity with some or all of the Microsoft Security set of technologies, with in-depth experience in at least one of the following: Azure Sentinel; Azure Security Center (ASC); Windows Defender Advanced Threat Protection (WDATP); Microsoft Cloud App Security Broker (CASB) solutions (Microsoft Cloud App Security (MCAS) / Office 365 Cloud App Security (OCAS) / Azure AD Cloud App Discovery); Office 365 Advanced Threat Protection (O365 ATP); Office 365 Threat Intel (O365 TI); Azure Advanced Threat Protection (Azure ATP).
- Knowledge of applying native cloud security and monitoring services in the cloud, including network firewalls, access control lists, encryption, auditing and monitoring, alerting, secrets management, and compliance scanning
- Experience with the Microsoft cloud and/or stack including O365, Azure, Windows or other Microsoft software/services
- Minimum of a two-year degree in information protection, computer forensics, computer information systems, computer science, or information systems management.
- Experience with cloud-hosted services, web-based applications, and server/service management features
Qualification & Experience:
- Experienced in KQL, PowerShell, Python, JSON
- Proven experience with the successful development and deployment of use cases correlating information from various heterogeneous security feeds/platforms (e.g. threat intel feeds, IOCs, EDR, APT intelligence, etc.).
- Strong interpersonal and communication skills; ability to work in a team environment.
- Completed projects related to AWS and/or Azure for a private sector employer
- Ability to work independently with minimal direction; self-starter/self-motivated.
- Public Cloud: 2+ years of experience in performing security and compliance event management, security analytics configuration, security or UEBA use case development & tuning, and operational management & administration.
- An understanding of regulatory and controls requirements: PCI, FFIEC, SOX, HIPAA, ISO 2700x, NIST standards.
- Azure Security Certification
- Professional IT security certification such as CISSP, CCSP, SANS Certified Intrusion Analyst (GCIA), CEH, GSEC and/or CISM is preferred
Company: TD Bank
Vacancy Type: Full Time
Job Functions: Information Technology
Job Location: Toronto, Ontario, CA
Application Deadline: N/A