
Technical Lead, SecOps

  • Location: Oakville

Posted almost 2 years ago

Job Title: Technical Lead - Security Operations
Type: Permanent
Location: Role is 100% remote (Candidate from anywhere in Canada/US can apply)
Start Date: June 20th or sooner
Days/Hours: Monday to Friday, 9:00am to 5:00pm
Hours/Week: 40
Reporting to: Technical Manager
Salary: $70,000 to $90,000 annually
Benefits: Yes
Vacation: 3 weeks

About company:

Our client is a privately held SecOps-as-a-Service company founded in 2008. They deliver 24x7x365 security operations backed by their modernized SOC 2 Type 2 and ISO 27001 certified Cyber Command Center. They are focused solely on the Microsoft security product stack and hold the Microsoft Security Advanced Specialization. They are an outcome-driven SecOps-as-a-Service company that leverages an innovative and collaborative approach, providing customers an easy way to consume services and increase maturity.

Their Shield was developed to break internal security silos, provide customers the ability to scale, and most importantly, provide true visibility within their model. All of their services, MDR (Managed Detection and Response), AVM (Advanced Vulnerability Management), GRC (Governance, Risk & Compliance), BPS (Brand Protection Services), and SAT (Security Awareness Training) roll into the Shield providing their customers the ability to save costs and maximize visibility across the people, processes, and technologies critical to an organization.

Job Brief

The SOC team is a group of highly valued professionals within the Cyber Command Center (C3) recognized for their dedication to seamless 24x7x365 security incident response. They are an integral component of delivering reliable managed security services.

The SecOps team offers experience in incident response techniques, incident response life cycle, threat hunting methodologies, malware analysis and threat intelligence. They perform advanced incident triaging and investigation of adversary Tactics, Techniques, and Procedures (TTP), malicious code, and related capabilities. They provide cyber threat intelligence analysis for briefing and reporting. The SecOps team is responsible for providing incident response expertise and intelligent technical support to assigned customers.

Key Responsibilities:

The primary focus of the Technical Lead, SecOps is to provide guidance, coaching and work facilitation for the Security Operations team. They perform a multifaceted role, acting as an analyst working on security incidents (SIRs), facilitating the distribution and efficient completion of work within the SOC and coaching SOC team members.

As an analyst, they triage security incidents and eradicate threat actors from enterprise networks along with providing recommendations for remediations. They are responsible for analyzing, identifying, and hunting threat actor groups and their techniques, tools and procedures. As a lead, they are directly responsible for the individuals within the SOC, and the outcomes they achieve.

Job Responsibilities:

Team & Culture

  • Working with People Services, recruit and train team members for the SOC
  • Work collaboratively with leadership to craft and measure performance-based team goals for the SOC
  • Take a hands-on approach to managing the daily workload of the SOC, ensuring all SIRs are being properly handled, prioritized, and progressed within predetermined Service Levels
  • Promote service excellence through monthly quality reviews
  • Act as an escalation point for the team for complex or high priority issues, taking point with other teams when necessary
  • Own the processes which govern how the SOC team functions, ensuring formal processes exist for all SOC team responsibilities, standardization is in place, process is followed, and continuous improvement is encouraged
  • Cultivate exceptional team health / culture / environment including daily stand-ups and regular team meetings
  • Foster trust and positively contribute to organization culture by exhibiting open, honest, and collaborative qualities in all interactions
  • Exemplify a ‘lead by example’ philosophy
  • Support team member growth and learning through regular one on one meetings and annual performance appraisals

Technical

  • Analyze and identify cyber threat activity based on known techniques, tactics, procedures (MITRE ATT&CK Framework)
  • Analyze host-based and network-based security alerts, responding to potential threats and vulnerabilities
  • Perform investigation of intrusion attempts and in-depth analysis of indicators of compromise (IoC) from several log sources
  • Perform initial triage on security events populated in the ticketing system, and investigate and escalate these events where applicable
  • Manage security events throughout the incident response life cycle
  • Support the development of advanced Security Information and Event Management (SIEM) rules and alerts to detect adversary techniques, tactics, and procedures by providing tuning recommendations based on day-to-day monitoring and customer feedback experiences
  • Analyze a variety of security logs (Firewall, EDR, Syslog, Email, CASB, etc.) to determine the impact of a security event and appropriate escalation procedures
  • Independently follow procedures to contain, analyze, and eradicate malicious activity
  • Document all activities and status updates during the life cycle of the incident
  • Promote a consistent delivery of Security Operations Center services through the habitual capture and reuse of the documentation within the SOC knowledgebase

Required Skills:

Strong working knowledge of:
  • Intrusion detection, Threat hunting and Continuous Monitoring
  • Incident response life cycle and techniques
  • Networking Security fundamentals
  • Security technology (Firewalls, IDS/IPS, EDR, etc.)
  • SIEM (Splunk, Microsoft Sentinel, Elastic)
  • Microsoft Defender Security Toolsets
  • MITRE ATT&CK Framework, cyber observables, and indicators of compromise (IoC)

Required Competencies:

  • A strong and capable leader; able to influence others in an unobtrusive way
  • Willing to take a customer focused, holistic approach to delivering SOC services
  • Strong ability to communicate and document clearly and effectively
  • Ability to build strong team relationships
  • Ability to set expectations through timelines, personally meet those expectations and encourage others to meet timelines
  • Ability to make difficult decisions considering all viewpoints
  • Ability to communicate approach in any given situation and achieve buy-in
  • Ability to quickly learn new and complex concepts
  • Strong analytical skills, problem solving, conceptual thinking and attention to detail
  • Ability to organize and facilitate meetings with tangible outcomes

Work Experience:

  • Leadership experience in an IT or Security Operations setting
  • Recent operational security experience (Security Operations Center (SOC), Incident Response, Malware Analysis, IDS/IPS Analysis, etc.)
  • Exposure to security event analysis and threat hunting
  • Experience with Endpoint Detection and Response (EDR) Technologies

Education:

  • Formal education (College or University) in an IT Security related program or working experience in a Security field with additional security related training/education

Certifications:

Existing certifications are an asset. A formal requirement for mandatory ongoing certification will exist upon joining the team. The Technical Lead will be the first to achieve new certifications that are deemed appropriate for the SecOps group.

  • SC-200: Microsoft Security Operations Analyst
  • MS-500: Microsoft 365 Security Administration