Cybersecurity Incident Response Analyst
Canada - Markham ON 10 Aviva Way
- Remote-first
Aviva
Our global corporate website for investors, shareholders, career hunters, the media and people interested in our social purpose. Individually we are people, but together we are Aviva. Individually these are just words, but together they are our Values – Care, Commitment, Community, and Confidence.
We are looking for an experienced cybersecurity incident responder who can manage incidents at Tier 3 level and who is experienced in investigating cybersecurity incidents using incident response tools. The Cybersecurity Analyst – Incident Response role will also support internal fraud and financial crime investigations where there is a cyber element. This position has an on-call rotation element to provide prompt response to mitigate impact 24/7.
The candidate will have experience with Information Technology and a solid level of knowledge of cybersecurity principles.
The role is part of Aviva’s Canada Cybersecurity Operations team and will be primarily based out of our Markham office.
What you'll do
Take ownership of incident response activities and create summary reports for management and other internal stakeholders
Analyze advanced cybersecurity alerts from managed service providers to determine impact, select most effective containment and remediation activities, and ensure appropriate recovery takes place
Maintain effectiveness of incident response tools, including EDR, SIEM, and SOAR, by identifying enhancement opportunities in configuration and alerting rules while practicing and improving practical skills
Conduct detailed technical investigation of cybersecurity incident root causes including threat vector, technique and tactics
Be diligent throughout shift and when on call to quickly respond to cybersecurity alerts and be available for time-sensitive responses
Work with key internal teams from Group CISO, Privacy Office, and Financial Crime Teams to support other investigations where there is a cyber element
Adapt to fast-paced environment
What you'll bring
At least 5 years of experience directly working in cybersecurity incident response, preferably in a large financial services institution
Strong incident response technical skills, knowledge of network protocols and network communication principles, understanding of vulnerabilities and remediation techniques
Demonstrated ability to analyze cybersecurity alerts to determine business impact and to select containment and remediation activities that ensure appropriate recovery
Maintain effectiveness of incident response tools, including EDR, SIEM, and SOAR, by identifying enhancement opportunities in configuration and alerting rules while practicing and improving practical skills
Conduct detailed technical investigation of cybersecurity incidents and identified root causes including threat vector, technique and tactics.
Demonstrated ability to establish effective working relationships and collaborative work approaches with both internal and external peers
Obtained or pursuing a recognized cybersecurity incident response or related certification, such as CISCP, OSCP, CIH, CHFI, etc.
Experience reviewing, analyzing, discussing, explaining, and reporting cyber threats and results.
Strong interpersonal and communication skills, ability to respond to multiple incidents simultaneously and in a prioritized manner.
Preferred candidates will also have experience in threat hunting OR threat intelligence OR forensics, in addition to cybersecurity incident response.
What you’ll get
Compelling rewards package including base compensation, eligibility for annual bonus, retirement savings, share plan, health benefits, personal wellness, and volunteer opportunities.
Outstanding Career Development opportunities.
We’ll support your professional development education.
Competitive vacation package with the option to purchase 5 extra days off per year.
Employee driven programs focused on gender, LGBTQ+, origins, diversity, and inclusion.
Corporate wellness programs to support our employees’ physical and mental health.
Hybrid flexible work model.
Please note that we may use AI tools to help us through the recruitment process. This is an existing position which has been posted both internally & externally.
Aviva Canada has an accommodation process in place to provide accommodations for employees with disabilities. If upon commencement of employment you require a specific accommodation because of a disability, please contact your Talent Acquisition Partner so that an appropriate accommodation can be arranged. This process applies throughout your career with Aviva Canada.
Tags: CHFI CISO EDR Forensics Incident response OSCP Privacy SIEM SOAR Threat intelligence Vulnerabilities
Perks/benefits: Career development Competitive pay Flex hours Flex vacation Health care Salary bonus Wellness