Pride At Work Canada

Security Problem Incident Manager



City : Brampton, ON, CA

Category : Information Technology

Industry : Telecommunications

Employer : Rogers

Our Digital & Technology team wakes up every day with one goal in mind – to connect Canadians to the people and things that matter most. Collectively, we’re proud to support 30 million Canadians each month.

 

We manage a robust portfolio that champions the leading edge of technology and media. We drive projects that expand connectivity to underserved communities from coast-to-coast-to-coast; build and enhance our fixed broadband network to provide high-speed Internet, TV and Smart Home Monitoring; and support our world class wireless network, offering our customers Canada’s largest and most reliable 5G network. As the Digital & Technology team, we are building our tomorrow, today.

 

Come play a key role in building the future of innovation in Canada. Let’s make your possible.

 

Do you enjoy working on high-scale, complex, and high visibility projects and programs?  If yes, consider the following opportunity:

 

       Security Problem Incident Manager
Reporting to the Director of Cyber Threat Intelligence, the Security Problem Incident Manager supports the operation of the Information Security Operations Center (SOC) and Rogers’ Cyber Threat Intelligence Team via the identification, classification, prioritization and remediation of security related events and incidents. The Security Problem Incident Manager will have other duties, such as detection of suspicious or malicious security events, investigation of alerts, creation or tuning of standard response templates, threat intel analysis, preparing reports or engaging with other technical teams to better tune the environment to prevent, detect & respond to security incidents.

 

      Experience & Education

  • Undergraduate degree or equivalent. 4+ years of applied technical experience.
  • Knowledge of ITIL best practices and process improvements. CISSP, GIAC or similar certifications preferred.
  • Experience managing security incidents. Experience with common SOC practices such as IPS monitoring & response or use of SIEM solutions
  • Provide and assist with finished intelligence analysis to internal teams through written reporting with minimal supervision.
  • Collaborate across teams to brief on Intelligence about activity of interest and to coordinate adversary/campaign tracking.
  • Advanced interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization
  • Demonstrated skill at analyzing and preventing security incidents of high complexity.
  • Experience leading a team of IT or Security professionals.
  • Experience mentoring, coaching, and developing junior or less experienced staff.

 

Summary of Essential Job Functions

  • Provides leadership and advice to the incident response staff and performs highly technical threat intel support and threat detection functions, including the creation and curation of runbooks, tabletop exercises, and integration with the NOC/SOC and security team
  • Prepare for and lead a Post Incident Review to assess the overall effectiveness of the CSIRT process and identify corrective action
  • Proactively analyzes event logs and threat intelligence data to properly identify and triage susceptibility of core technical assets, determine likelihood of exploitation and implement and/or refine preventative and detective security controls
  • Monitor the Tactics, Techniques, and Procedures (TTPs) used by adversaries by analyzing raw intelligence and data.
  • Identify cyber threats, trends, and new developments on various predetermined cyber security topics by analyzing raw intelligence and data.
  • Assesses, analyzes, and consults on the security of information assets - networks, endpoints, databases, applications, services, platforms, environments, etc.
  • Ability to elicit and communicate technical and non-technical information in a clear and concise manner.
  • Effective use of MITRE ATT&CK and Cyber Kill Chain methodologies to determine risk-prioritized response, investigate security events, and make clear recommendations on mitigation
  • Knowledge of Cyber Threat Intelligence Framework is an asset.
  • Understanding of security frameworks (e.g., NIST Cybersecurity, ATT&CK, OWASP) and risk management methodologies.
  • Participation in threat intelligence, threat hunting, computer network defense, and incident response activities is an asset
  • Active inspection of security monitoring tools for signs of compromise or breach according to expert triage criteria & current threat intelligence
  • Where an incident is known or suspected, lead an incident response process to gather appropriate intel data, ascertain the nature of the threat and coordinate appropriate response actions to contain & eradicate
  • Following an Incident, establish root cause, identify security gaps, lessons learned & engage requisite issue owners to rectify identified problems
  • Preparation of suitable procedures & documentation needed to have response steps planned for known threat types.
  • Intermediate/Advanced knowledge of Microsoft Excel and PowerPoint required.
  • Incident reporting - root cause & recommendations for action to prevent recurrence
  • Identify enterprise security control configuration changes suitable to prevent or detect predictable security threats from having effect. Engage the platform owners to implement them

 

 

Schedule: Full time

Shift: Day
Length of Contract: Not Applicable (Regular Position)
Work Location: 8200 Dixie Road (101), Brampton, ON 
Travel Requirements: Up to 10%
Posting Category/Function: Technology & Information Technology
Requisition ID: 278868
 
At Rogers Digital, our team doesn’t shy away from big ideas – we bring them to life. We work tirelessly to deliver the best user experiences (period) and build amazing self-serve experiences that our customers want to use. We are customer-obsessed agents of change and are committed to innovation and creating effortless experiences for customers and frontline employees. We use cutting-edge tools and technologies to solve critical and complex problems with award-winning solutions. Our work impacts millions of customers every day. At Rogers Digital, we’re looking for people who embrace change, take risks, and push boundaries. Learn more about our team and our work @ https://digital.rogers.com/
 
Together, we'll make more possible, and these six shared values guide and define our work:
 
  1. Our people are at the heart of our success
  2. Our customers come first. They inspire everything we do
  3. We do what’s right, each and every day
  4. We believe in the power of new ideas
  5. We work as one team, with one vision
  6. We give back to our communities and protect our environment
 
Posting Notes:  Digital & Technology 


PRIDE AT WORK CANADA/FIERTÉ AU TRAVAIL CANADA

© Pride at Work Canada 2022