Senior Information Security Specialist

20 Eglinton West, Canada


What you’ll do

Supporting the Senior Cyber Incident Response Team (CIRT), the Senior Information Security Specialist is a crucial member of our security posture, tasked with protecting our organization's digital assets through advanced threat detection and response operations. This seasoned professional not only leads these initiatives but also refines detection engineering strategies and mentors junior analysts. Key responsibilities include proactive threat identification, real-time event monitoring, and implementing robust solutions to enhance our security posture. The Senior CIRT Analyst connects day-to-day activities with strategic cybersecurity initiatives by crafting sophisticated detection rules, conducting thorough threat hunts, and improving operational protocols. Collaboration with the Cyber Security Engineering team ensures optimal configuration and deployment of detection platforms, making our defenses both adaptive and strong. The role requires managing multiple tasks under pressure, participating in a rotational on-call schedule for 24/7 incident coverage, and working closely with various stakeholders for effective incident management and mitigation.

Working Conditions:

  • Competing Priorities: Flexibility to prioritize and handle multiple tasks simultaneously, ensuring timely and effective threat detection and response.

  • Rotational On-Call Duty: Participation in an on-call schedule, requiring availability during off-hours, weekends, and holidays as needed.

  • Collaborative Team Setting: Frequent interaction with cross-functional teams including IT, legal, and business units to coordinate comprehensive incident response efforts.

  • Continuous Learning: Staying current with evolving cyber threats and security technologies to maintain a robust defense strategy.

  • High-Pressure Environment: Ability to manage high-stakes incidents with potentially significant impact on the organization.

Technical Expertise:

  • Incident Management: Lead high-priority investigations, ensuring swift containment and remediation of incidents while meticulously documenting all activities and findings.

  • Detection Engineering: Design, test, and deploy advanced detection rules and logic (e.g., SIEM use cases, KQL queries, Logic Apps) to identify and neutralize security threats.

  • Threat Hunting: Conduct proactive threat-hunting exercises to uncover advanced persistent threats (APTs), using threat intelligence and behavioral analytics.

  • Platform Optimization: Collaborate with security engineers to fine-tune security tool configurations, ensuring optimal efficiency and reliability in threat detection and response processes.

  • Threat Assessment: Perform detailed assessments of systems, networks, and applications to identify potential vulnerabilities, providing actionable recommendations for risk mitigation.

  • Attack Path Analysis: Extract attack paths and Tactics, Techniques, and Procedures (TTPs) to analyze cyber threat actor behaviors.

  • IOC Extraction: Identify Indicators of Compromise (IOCs) during investigations to understand threats better and enhance detection capabilities.

Operational Excellence:

  • Metrics and Reporting: Generate detailed security reports for leadership that summarize key findings, operational trends, and actionable recommendations. Use tools such as Power BI and ServiceNow dashboards for data visualization, and Excel for detailed reports that include pivot tables, charts, graphs, and other data analytics functionality.

  • Change Management: Oversee changes to CIRT tools and processes in accordance with established change control procedures.

  • Stakeholder Engagement: Work closely with cross-functional teams to align security initiatives with business objectives, ensuring seamless communication during incidents.

  • Knowledge Sharing: Develop and deliver comprehensive training materials to enhance team competency in incident detection, response techniques, and detection engineering.

  • Process Improvement: Spearhead the development and refinement of CIRT workflows and playbooks, ensuring they adhere to industry best practices and organizational objectives.

What you bring

Technical Qualifications:

  • Bachelor's degree in Computer Science, Cybersecurity, or a related technical field; equivalent experience will also be considered.

  • Minimum of 5 years of experience in CIRT operations or similar cybersecurity analysis roles.

  • Proven expertise in detection engineering utilizing tools like Sentinel or similar solutions for rule development and optimization.

  • Hands-on experience with incident response protocols covering containment, eradication, and recovery phases.

  • Solid understanding of cybersecurity frameworks such as NIST, ISO/IEC 27001, and MITRE ATT&CK.

  • Strong verbal and written communication skills.

  • Relevant certifications such as CISSP (Certified Information Systems Security Professional), GCIH (GIAC Certified Incident Handler), GCIA (GIAC Certified Intrusion Analyst), or CEH (Certified Ethical Hacker).

  • Advanced proficiency in developing detection logic using KQL, Logic Apps, etc.

  • Demonstrated ability to lead complex incident investigations from start to finish.

  • Proven experience in leveraging tools and intelligence for proactive threat hunting.

  • Knowledge of securing and monitoring cloud environments such as AWS, Azure, or Google Cloud.

  • Familiarity with automating CIRT workflows using SOAR platforms or scripting languages (e.g., Python).

Individual Competencies

  • Integrity: Consistently takes responsibility for actions and adheres to ethical standards; respects confidentiality regardless of pressure from others.

  • Teamwork: Fosters collaborative relationships within the organization; builds partnerships to achieve shared goals.

  • Curiosity: Displays an eagerness to learn new knowledge; values the contributions of others towards personal growth and organizational improvement.

  • Analytical & Critical Thinking: Employs a logical approach to solving problems systematically.

  • Problem Solving: Efficiently gathers information to develop viable solutions while evaluating the accuracy and relevance of facts.

  • Collaboration: Works effectively with others to achieve collective goals.

Hybrid

We value flexibility. We have adopted a hybrid work model whereby employees use a combination of working in the office and virtually in service of outcomes. Each leader is empowered to decide what work is best achieved in person based on the unique needs of their team.

About Us

Canadian Tire Corporation, Limited (“CTC”) is one of Canada’s most admired and trusted companies, with more than 90 Owned Brands, 1,700 retail locations, financial services, exemplary e-commerce capabilities, and exciting market-leading merchandising strategies. We dream big and work as one to innovate with purpose for our customers at every level of our business, investing in new technologies and products, and doubling down on top talent to drive the company forward. We offer competitive salaries and wages to CTC employees, as well as store discounts, supported learning through our Triangle Learning Academy, Canadian Tire Profit Sharing, and retirement and savings programs for eligible employees. As part of our enhanced flex benefits program, we offer mental health benefits in the amount of $5,000 per year for benefits-eligible employees and their families, including total well-being, and mental health tools and resources for all employees. Join us in helping to make life in Canada better through living and working our Core Values: we are innovators and entrepreneurs at our core, outcomes drive us, inclusion is a must, we are stronger together and we take personal responsibility. It is an especially exciting time to join CTC and its family of companies, where career opportunities are wide-ranging. Join us; there's a place for you here.

Our Commitment to Diversity, Inclusion and Belonging

We are committed to fostering an environment where belonging thrives, and diversity, inclusion and equity are infused into everything we do. We believe in building an organizational culture where people are consistently treated with dignity while respecting individual religion, nationality, gender, race, age, perceived ability, spoken language, sexual orientation, and identification. We are united in our purpose of being here to help make life in Canada better.

Accommodations

We stand firm in our Core Value that inclusion is a must. We welcome and encourage candidates from equity-seeking groups such as people who identify as racialized, Indigenous, 2SLGBTQIA+, women, people with disabilities, and beyond. Should you require any accommodation in applying for this role, or throughout the interview process, please make it known when contacted and we will work with you to help meet your needs.
