Intermediate Analyst, Security Operations

Description

• Actively seek mitigation or closure in identified security risks and gaps
• Work with our internal Communications and Learning teams to provide security awareness and training materials for a wide range of audiences, which ranges from senior leaders to field staff
• Support the day-to-day operations of the information security program set out by management
• Track security trends/events to provide information on monthly security reporting
• Support the operational components of incident management, including detection, response, and reporting
• Ensure you and your family receive the services needed to support your mental, emotional, and physical well-being.
• Provide 24/7 response to security operations as it relates to monitoring and alerting of potential security incidents. Be available at any time to actively investigate / document those alerts and manage confirmed security incidents
• Conduct security product evaluations, and recommend products, technologies and upgrades to improve Aecon’s security posture
• Utilize problem solving to find root cause in security incidents
• Assist with security vulnerability assessments, identifying and prioritizing findings for resolution
• Liaise with security product and service vendors to provide day to day support and monitoring of all networks
• Provide management of regular phishing simulations including, but not limited to, selection of templates, launching of campaigns and providing reporting & enforcement of compliance with phishing related policies
• Provide technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, incident management and security tool implementation
• Work collaboratively with other Information Services teams to reach common resolutions and goals
• Monitor multiple environments to detect, validate and respond to anomalous activity, security events, or unauthorized access of information assets
• Work to promptly resolve tickets related to information security, such as virus/malware infections on desktop, phishing, suspicious network traffic and vendor account reviews
• Monitor, triage and respond to emails that have been reported by employees as suspicious and potential phishing attacks. Provide monthly metrics related to these reported emails
• Attend security industry talks, seminars and events to stay current with latest information security trends

Requirements

• 2-3 years’ experience applying information security principles and practices in an enterprise environment, or 3-5 years of experience supporting information technology
• A bachelor's degree in Information Systems or Information Security
• A good understanding of Windows and Linux operating systems, and network protocols
• Excellent verbal, written and interpersonal communication skills with the ability to explain technical matters to a non-technical audience
• A strong understanding of the business impact of security tools, technologies and policies
• An ability to manage multiple tasks with minimal supervision
• Hands on experience of security technologies and tools such as SIEM, IPS, EDR, MDM, web content filters and email security gateways
• A good understanding of the public cloud (AWS, Azure, etc.)
• Flexibility and ability to adjust quickly to changes in priorities, or to different business demands
• Must be able to respond to, and action, security alerts on a 24x7 basis
• Working towards and/or having CISSP and/or Security+ certifications would be an asset
• Strong in analytical thinking, problem solving and troubleshooting
• Excellent reporting skills, with demonstrated ability to create reports

Benefits

Training + Development

Interview process

Visa Sponsorship

Security clearance