Cyber Security Specialist, SIEM Operations

Ottawa, ON

Applications have closed

Bank of Canada

Canadians count on us. - Les Canadiens comptent sur nous.

Take a central role

The Bank of Canada has a vision to be a leading central bank—dynamic, engaged and trusted—committed to a better Canada. No other employer in the country offers you the unique opportunity to work at the very center of Canada’s economy, in an organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in our environment. 

You will be joining a highly impactful Cyber Security Operations team with the mission to keep Canada’s economy safe & secure. You will be provided with autonomy to make decisions and recommendations as you see fit – within a diverse, fully supportive team all pulling in the same direction.  

Further – you will have the opportunity to utilize state-of-the-art Enterprise Cyber Security Solutions and consistently learn as technology in the industry evolves.  

 

What you will do  

You will provide vital Bank-wide security services, ensuring the confidentiality, integrity, and availability of the Bank’s information assets by implementing, managing and developing a portfolio of IT security information and event management (SIEM) tools to support the Bank’s various platforms and providers.

 

In addition, you will be: 

  • Implementing, maintaining (monitoring), enhancing, and integrating all aspects of the Bank’s SIEM solution and toolsets.  

  • Assisting with security incidents, investigations, and root-cause analysis, and supporting real-time tools development to enable better detection, response, and incident response capabilities to drive down detection and containment times in partnership with the security operations team

  • Providing advice and recommending solutions leveraging the capabilities of the SIEM 

  • In conjunction with other teams, developing new content using the SIEM solution and providing it to security operations

  • Developing and improving deployment and operations support documentation related to all aspects of SIEM.  This includes a review of current documentation and the creation of new material. 

  • Working closely with the security operations team to improve knowledge and operational use of the solution 

  • Maintaining a strong, productive relationship with our SIEM vendor to ensure support and that the Bank is receiving value on an ongoing basis

 

What you need to succeed 

You are a curious, rational, and critical thinker who, by nature, loves to dig deeper on problems and always questions the “why”. As an effective communicator, you can communicate in a clear and concise manner, have a team- and security-first mentality, and can naturally step in to support your co-workers.

 

You will also have familiarity and/or a proven skillset within: 

  • Splunk as a Security Information and Event Management (SIEM) platform, including knowledge of its deployment, capabilities, support, monitoring and troubleshooting abilities

  • Enterprise-level systems and infrastructure, network-based services and client/server applications (with similar size and complexity to the Bank of Canada).  

  • At least one scripting language, preferably Python or PowerShell

  • Operating System telemetries (process, network, DNS, Registry, etc.) 

 

Nice-to-have: 

  • Previous experience with defensive security / blue teaming  

  • Experience analyzing security events using event aggregation and correlation systems, including SIEM capabilities 

  • Experience in programming/scripting languages  

  • Administration and use of Linux operating systems with Fedora (Red Hat, CentOS) or Debian (Ubuntu), including scripting in a shell environment (Bash, etc.)  

  • Experience with cloud computing, with a particular focus on Microsoft Azure.  

  • Relevant cyber security certifications (CISSP, GIAC, etc.)

 

Your education and experience 

Your combined education and work experience demonstrate that you have the proficiencies and skills for the role. We are ideally seeking candidates with a relevant degree/diploma and 2+ years of relevant experience.

Hybrid Work Model

The Bank offers work arrangements that provide employees with flexibility, enable high-performing teams, and support an excellent workplace culture. Most employees can telework from home for a substantial part of each month as part of the Bank’s hybrid work model, and they are expected on site at the Bank location a minimum of eight days per month to help build connections between colleagues. You must live in Canada, and within reasonable commuting distance of the office.

 

Tags: Azure Bash CISSP Cloud Debian DNS GIAC Incident response Linux Monitoring PowerShell Python Red Hat Scripting SIEM Splunk Ubuntu

Perks/benefits: Flex vacation Team events

Region: North America
Country: Canada