CYBER SECURITY Specialist – SIEM (Detection Engineer and Response)

Montreal

BDC

We are BDC, the Business Development Bank of Canada and the financial institution devoted to Canadian entrepreneurs. We help create and develop strong Canadian businesses through financing, advisory services and capital, with a focus on small...


We are banking at another level.

Choosing BDC as your employer means working in a healthy, inclusive, and skilled workplace that puts forward the best conditions to bring together unique teams where employees are empowered to act. It also means being at the centre of ambitious economic and financial projects to see further and to do things differently, to fuel the success of Canadian entrepreneurs.

Choosing BDC as your employer also means:

  • Flexible and competitive benefits, including an Employee Savings and Investment Plan where BDC matches part of your voluntary contributions, a Defined Benefit Pension Plan, a $750 wellness and health care spending account, to name a few   

  • Paid vacation each year, plus five personal days, sick days as necessary, and office closure from December 25 to January 1

  • A hybrid work model that truly balances work and personal life

  • Opportunities for learning, training and development, and much more... 

POSITION OVERVIEW

The CYBER SECURITY Specialist is responsible for managing the processes and technologies that defend and protect BDC’s systems and information assets against cyber-attacks and adversaries. This individual will be a subject matter expert in cybersecurity defense layers and the various tech stacks that power detection and response, and will design and execute best-in-class network, systems and Cloud monitoring as well as preventative and detective controls.

This critical role requires a detailed understanding of cyber security, in-depth knowledge of endpoint and computer networking fundamentals, familiarity with Cloud technologies in the context of logging and observability, and the detection engineering know-how to protect such assets.

The role will drive the creation and execution of plans for the deployment, ongoing orchestration and operationalization of cyber security services and products, with a focus on Splunk and Splunk ES detection engineering. The CYBER SECURITY Specialist will help develop and maintain key relationships with internal and external cyber security entities, and will be operationally focused on the defense of BDC’s network and assets while strategically positioning the organization for increasing complexity and emerging threats.

As a Detection Engineer, you will play a crucial role in designing, implementing, and maintaining detection strategies using Splunk Enterprise, Splunk ES (Enterprise Security), and Splunk SOAR (Security Orchestration, Automation, and Response).

Your main tasks will be building detections and detection mechanisms that provide comprehensive coverage of both known and unknown threats. The responsibilities involve writing structured queries against large datasets of endpoint and network telemetry, as well as building custom threat detection tooling and frameworks. We encourage the continual practice of adversary emulation to identify novel detections and to validate the effectiveness of our threat detection posture.

CHALLENGES TO BE MET

  • Drive and lead the deployment, ongoing orchestration and operationalization of cyber security services and products, with a focus on Splunk and Splunk ES, to drive implementation of new Threat Detection Controls within the framework of a threat-informed defense strategy.

  • Lead the design and execution of the enterprise security operations processes, procedures, and playbooks as they pertain to cyber services such as SIEM, Splunk, EDR, CSPM, CWPP and Containers, as well as other in-house developed services.

  • Keep abreast of new technologies in the Cyber space with the goal of enhancing BDC’s cyber posture.

  • Lead and manage the technical aspects of BDC’s cyber technology providers to make sure BDC’s Cyber tech stack is providing all the necessary detective protections.

  • Define and maintain the roadmap of program and technology changes being driven by the internal needs and IT projects as well as new developments on the providers’ side.

  • Manage detection engineering security operations projects, including process improvement and technology investment.

  • Maintain relationships with external sources of information security intelligence that can be used to manage our security program.

  • Research trends in new security threats and technologies; advise and train team members to maintain awareness.

  • Work closely with other teams to provide mitigation recommendations to reduce the overall security risk within the organization.

  • Provide suggestions and feedback to improve the overall capabilities of the BDC Security team.

  • Monitor cyber tooling output and conduct spot checks for accuracy.

  • Conduct research within the fields of Security Observability, EDR, Cloud and Container security to develop new strategies against threats.

  • Respond to monitoring alerts according to defined playbooks and procedures.

  • Participate in Post Incident Reviews and discussions.

  • Enhance playbooks and procedures to improve security posture and reduce noise.

  • Experience with one or more scripting languages, such as Python or Bash, in the context of Splunk ES and SOAR.

  • Create and update rules and signatures for automated threat detection.

  • As needed, integrate various tools and technologies to form a coherent detection infrastructure.

  • Monitor and analyze security logs and events to identify and respond to security incidents.

  • Stay current with industry trends, emerging threats, and new technologies to ensure the effectiveness of the detection and response capabilities.

  • Engage with relevant owners of high-risk systems and services to identify and prioritize detection gaps.

WHAT WE ARE LOOKING FOR

  • Bachelor’s degree in information technology, security, or a similar computer-related field of study, and 5+ years of information security experience with a heavy focus on observability and detection engineering in a Splunk-based environment

  • 3+ years of incident response, event management, and malware analysis experience in a fast-paced cyber operations environment

  • Experience with Cloud security observability and response automation (AWS, Azure)

  • Experience with SIEM tools, services, and processes

  • Experience with EDR/XDR tools, services, and processes

  • 3+ years of experience with Cloud security services/tools deployment and orchestration technologies

  • Solid experience with Splunk and Splunk ES in the context of EDR, Cloud and/or Container security tools (Azure, AWS, CrowdStrike, etc.)

  • Solid knowledge of incident response methodologies, best practices, and routines

  • Advanced level of understanding in a cyber specialization and several cyber-related disciplines, sufficient to investigate and analyze all response activities related to cyber incidents.

  • Skilled at identifying various types of events and incidents and applying the right response framework for each (e.g. information mishandling, security vulnerability, system exploit, malware infection, etc.)

  • Basic to advanced reverse engineering, with a deep understanding of IOCs, the Cyber Kill Chain, MITRE ATT&CK, and preventive and detective technical controls

  • Ability to work effectively with technical and non-technical staff.

  • In-depth familiarity with workflow tools and ability to develop and improve tools/processes.

  • Familiarity with industry organizations and individuals that can be leveraged for knowledge sharing and support.

  • Solid verbal and written communication skills, and the ability to tailor the context of the conversation to the audience.

  • Ability to think outside the box and develop solutions to accomplish seemingly impossible tasks, while remaining risk and objective focused

  • English and French written and verbal communication skills

  • Familiarity with Linux, Windows, and Mac system internals, as well as Cloud telemetry fundamentals

  • Track record of getting things done quickly and with quality

  • Certifications: any of the GIAC range of certifications

Proudly one of Canada’s Top 100 Employers and one of Canada’s Best Diversity Employers, we are committed to fostering a diverse, equitable, inclusive and accessible environment where all employees can thrive and feel empowered to bring their whole selves to work. If you require an accommodation to complete your application, please do not hesitate to contact us at accessibility@bdc.ca.

While we appreciate all applications, we advise that only the candidates selected to participate in the recruitment process will be contacted.
