Analyst, Cyber Defense

88017
Toronto, ON
Contract
Yesterday

3 days on site – Toronto
6 months

1. Description

Our client is bringing on a cyber defense analyst to support the execution of the cyber vision and strategy, providing technical and business advice, support and services to all client divisions.

To own the development and execution of the cyber awareness and training program and all associated campaigns and programs that may spin off from them.

To define, develop and support cyber awareness and training programs and initiatives, engaging with teams across the organization to build alignment on key projects and develop execution roadmaps.

The client reserves the right to disqualify any resource proposed by a Supplier if that resource has previously been engaged as a contractor with the client.

2. Assignment Duties

Incident Response & Monitoring (SOC)

  • Monitor and analyze security alerts from various sources, including SIEM (e.g., Splunk, Sentinel), EDR (e.g., CrowdStrike, Defender), and IDS/IPS to identify potential threats.
  • Perform initial triage and investigation of security incidents, determining scope, urgency, and potential impact on organizational assets.
  • Draft and refine Incident Response Playbooks to ensure standardized and efficient handling of common attack vectors (e.g., Phishing, Ransomware, Brute Force).
  • Collaborate with Infrastructure and DevOps teams to implement containment strategies and remediation actions during active security breaches.
  • Translate complex technical findings into executive summaries and post-incident reports (PIR) for stakeholders and leadership.

Threat Hunting & Cyber Defense

  • Proactively hunt for indicators of compromise (IOCs) and suspicious patterns within the network that may bypass traditional security controls.
  • Utilize the MITRE ATT&CK framework to map adversary tactics and techniques, identifying gaps in current detection capabilities.
  • Conduct vulnerability research and analysis of emerging threats to develop custom detection rules (YARA, Sigma, or KQL).
  • Assess IT and OT environments (including SCADA and Industrial Control Systems) for security weaknesses, ensuring alignment with standards like ISA-62443.
  • Perform log analysis across diverse data sources (Firewalls, VPNs, Active Directory) to reconstruct attack timelines and improve defense-in-depth strategies.

Experience and Qualifications

  • A bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related technical field.
  • 5+ years of demonstrated experience in Cybersecurity Operations, Incident Response, or a technical Cyber Defense role.
  • 5+ years of experience using SIEM and EDR tools to detect and mitigate sophisticated cyber-attacks.
  • 5+ years of experience in technical documentation, including Incident Reports, Threat Intel Summaries, and Standard Operating Procedures (SOPs).
  • Proven experience in Digital Forensics or deep-dive packet analysis (e.g., Wireshark) to identify malicious network traffic.
  • Advanced competency in security tools and scripting languages (e.g., Python, PowerShell, or Bash) for automating defensive tasks.
  • Extensive experience in creating data-flow diagrams and attack-tree workflows to visualize potential breach points.
  • Strong analytical and investigative thinking skills, with the ability to “think like an attacker.”
  • Ability to influence security posture by working effectively with IT teams to patch vulnerabilities and harden systems.
  • Excellent incident management skills, with the ability to remain calm and organized under the pressure of an active breach.
  • Excellent communication skills, capable of explaining “the how and why” of a threat to both technical engineers and non-technical business leaders.

Preferred Certifications

  • GIAC Certified Incident Handler (GCIH) or GIAC Certified Detection Analyst (GCDA).
  • Certified Information Systems Security Professional (CISSP).
  • CompTIA CySA+ or EC-Council Certified Threat Intelligence Analyst (CTIA).

The pay range that the employer reasonably expects to pay for this position is between CA$40.00 and CA$64.00

Our voluntary benefits offering includes medical, dental, vision and retirement benefits.

This posting is for an existing vacancy.



Tundra Technical Solutions is among North America’s leading providers of Staffing and Consulting Services. Our success and our clients’ success are built on a foundation of service excellence. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other legally protected characteristics. We welcome and encourage diversity in the workplace.