Purpose of the Job:
The Lead Cyber Security Engineer – Cyber Defense is responsible for designing,
fixing and maintaining tools and processes to ensure fast and flawless cyber
security threat detection, investigation and response, along with keeping systems
related to cyber operations up to date and effective. Their primary
responsibilities will be integrating new vendors/tools with the SIEM,
troubleshooting the SIEM-related technology stack, onboarding new log sources,
leading projects for new initiatives, architecting new and existing designs,
keeping SIEM-related content and configurations up to date, and working with
the security engineering team to make sure that detection capabilities are tuned and
enabled. They will also automate processes related to security operations to
increase the effectiveness of detection and response.

Main Activities:
- Perform the day-to-day engineering responsibilities related to threat
detection and response including threat intelligence, security event
correlation (SIEM), security monitoring, security analytics (UEBA), threat
hunting, security investigations and security incident response
- Continuously monitor health alerts and events of various systems related to
SIEM and Cyber Defense Centre tools/vendors
- Lead the engineering for cyber security, including but not limited to SIEM
for updates, configurations, maintenance and troubleshooting
- Investigate and fix broken processes, automations and connectors, either
individually or in collaboration with other teams, to mitigate the impact on
security operations
- Provide post-troubleshooting and post-maintenance reports and lessons learned to
improve cyber engineering efforts
- Maintain documentation of operational procedures and similar references,
including cyber engineering, log onboarding, troubleshooting, architectural
designs etc.
- Collaborate with external partners, vendors, government agencies, and private
organizations to stay ahead of emerging updates, migrations, changes and
configurations to keep the systems effective and up to date
- Provide input to the strategic designs and architectures regarding cyber
defense operations, plans and roadmaps for all engineering functions.
- Provide technical expertise and technology investment recommendations for new
technologies and systems.
- Lead and contribute to the planning and execution of projects to build and/or
improve threat detection and response capabilities.
- Design and implement automation needs required by cyber defense operations
- Design and implement dashboards, reports, monitoring needed in Sentinel
workbooks
- Monitor and respond to onboarding requests from internal teams required by
compliance/risk purposes
- Provide support and evidence for requirements for internal/external audit
requests
- On-call, off-hours and/or shift work will be required.
- Stay current on the cyber security threat landscape, including the latest
attacker tactics, techniques and procedures, and the controls that may serve
as effective countermeasures.
- Practice continual improvement for cyber defense practices, and participate
in activities to identify improvements, including internal measurement
practices, security practice reviews and internal/external audits.
Knowledge/Skill Requirements:
- Training/degree/diploma/certificate in Computer Science, Cyber
Security/Engineering or related field
- A minimum six (6) years in an information/cyber security engineering role
- SANS SEC511 or SEC530, Microsoft AZ-500 or AZ-305, ISC2 SSCP or similar
certification is preferred
- Extensive experience in Azure Logic Apps design and configuration
- Extensive experience in Microsoft Sentinel KQL
- Extensive technical expertise in Azure services and portals such as Defender
for Cloud, Defender for Endpoint, Defender for Identity, Defender for Cloud
Apps and Defender for IoT, Sentinel, Log Analytics workspaces, Azure
monitoring, Data Collection Rules, Azure Entra ID, Azure policies, Enterprise
apps and app registrations
- Ability to code in Python
- Ability to work in a fast-paced environment with minimal guidance and
supervision.
- Experience in at least two of the following disciplines in terms of security
engineering: threat intelligence, security event correlation (SIEM), security
monitoring, threat hunting, security analytics (UEBA), security
investigations and security incident response.
- Ability to adapt to constantly changing technical, regulatory, and compliance
environments.
- The incumbent is expected to interact with all employees including executives
and thus good verbal and written skills are important.
- Experience working in a banking or financial services environment is an asset
- Strong technical background in encryption technologies, network communication
protocols (SMTP, DNS, HTTP/HTTPS and IP), and Azure services (Sentinel,
diagnostics, storage accounts and identities)
- Ability to think outside the box for solutions to technical problems
- Experienced in NIST CSF, MITRE ATT&CK and the Cyber Kill Chain
- Ability to work independently, without the need for direction from supervisors
or other managers, on projects and technical configurations
- Ability to manage, deploy and configure Linux systems and troubleshoot
issues on Linux systems