SIEM Administrator

 Summary

The SIEM Administrator will work with the SOC & SOC Infrastructure teams at GoSecure to provide application support on current and future SIEM products, ensure data feeds and application operation are maintained, and provide support to cyber security analysts in development of analytics and other operational aspects of the SIEM/SOAR product suite.

Duties and responsibilities 

Application support
- Providing support for current and future SIEM products, including ensuring data feeds and application operation are maintained
Cyber security analyst support
- Helping cyber security analysts develop analytics and other operational aspects of the SIEM product
 Data management
- Archiving, backing up, and purging data as needed and in compliance
 Evidence collection
 Collecting evidence for audits and documenting all activities performed and recorded
 Change management
 Raising change management tickets for SOC Admin activities and incidents
 Troubleshooting
 Coordinating with the SOC Monitoring team on troubleshooting issues and escalating them with a 3rd party TAC/Support team as required
 Security policies
 Developing and maintaining security policies, procedures, and standards to ensure compliance with regulatory requirements
 Content improvements
 Working with the Cybersecurity Incident Response Team and Threat Intelligence Team to identify content improvements
 Technical oversight
 Providing technical oversight, standardization, and validation of the effectiveness of SIEM content service
 UAT -> Production Cycle
 Stage and deploy upgrades, content changes and infrastructure improvements across several lab (UAT) and production environments to ensure minimal impact
 Proactive Monitoring
 Implement iterative improvements for all resource utilization, data flow and operational metrics to create actionable alerts to the SOC Infra team to highlight production health issues before they impact SOC duties

Qualifications 

-Bachelor's degree and 4+ years of prior relevant experience; additional work experience or Cyber courses/certifications may be accepted in lieu of degree.
- In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g., Splunk, Elastic/Kibana, FortiSIEM).
- UNIX OS Administration & command line experience
- Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, and common security elements.
- Windows/Unix-specific networking
- Familiarity with various security tooling including EDR, NGAV, and Vulnerability Scanning technologies
- Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain and an ability to think and work independently.
- Motivated self-starter and the ability to create complex technical reports on analytic findings.
 

The following personal abilities are favoured at GoSecure: 

• Exceptional organizational skills; 

• Ability to think of problems and operational activities beyond technical scope, envisioning general business and political ramifications; 

• Ability to work independently and handle multiple tasks concurrently; 

• Adaptable to diverse environments; 

• Superior verbal and written communication skills in English and French are mandatory; 

• Energetic and positive with a “can do” attitude. 

English: fluent or intermediate, 

French considered a bonus

Why join us?

-3 weeks vacation, 5 personal days, paid bereavement days

-14 paid holidays

-Group insurance plan: health, dental, vision, disability, life, travel

-Employee assistance program (Dialogue)

-RRSP and matching employer contribution

-Peer recognition program and other awards granted throughout the years

-Company stock options

-Discounts on a variety of merchants

-Young and dynamic team always striving to improve

and much more!