JSOC - Cybersecurity Specialist - Incident Response

Questrade Financial Group • Rosario, Santa Fe Province, Argentina • 3d ago

What’s in it for you as an employee of QFG?

Health & wellbeing resources and programs
Paid vacation, personal, and sick days for work-life balance
Competitive compensation and benefits packages
Work-life balance
Career growth and development opportunities
Opportunities to contribute to community causes
Work with diverse team members in an inclusive and collaborative environment

We’re looking for our next SOC Specialist. Could It Be You?

Your contribution delivering sustainable and measurable results in the following areas will be very important:

Identifying and responding to cyber threats - safeguarding our company's infrastructure and data. You will be primarily involved in supporting the alert development cycle, triaging and investigating alerts, managing the full incident response lifecycle (investigation, containment, eradication, and recovery) and collecting and tracking metrics for reporting. You will be working alongside internal customers and our vendor support teams to ensure we are utilizing our security tools in accordance with corporate policies and growing business needs. You will work closely with Cybersecurity and IT teams to align priorities and execute plans for new initiatives, as well as contribute to process improvements and build documentation for new tools.

Need more details? Keep reading…

You will:

Collaborate with team members on investigations and share technical knowledge.
Monitor, analyze and report possible cybersecurity attacks.
Investigate and perform analysis of threat indicators.
Gather Indicators of compromise and any relevant data to use with threat hunting activities.
Leverage security tools (Elastic, CrowdStrike and more) for analysis to identify malicious activities.
Analyze identified malicious activity to determine Tactics, Techniques and Procedures.
Conduct research, analysis and correlate gathered data from various resources to determine the impact of the incident.
Execute containment and eradication actions following established playbooks.
Participate in on-call and hands-on scheduled shift rotations, including outside of business hours.
Support coordination of Security Incident Response and investigation with other internal teams and 3rd party providers.
Document incident timelines, evidence, and actions taken for post-incident review.
Perform post-incident reviews and produce lessons-learned reports.
Contribute to maintaining and improving incident response playbooks and runbooks.
Participate in tabletop exercises and IR simulations.
Provide proactive security investigation and searches on corporate environments to detect malicious activities.
Maintain up-to-date understanding of security threats, countermeasures, security tools, cloud security and SaaS technologies.
Maintain technical proficiency through training, keeping up with industry best practices, and security frameworks.
Communicate investigation findings to technical stakeholders and contribute to reporting.
Contribute to tracking SOC operational metrics (MTTD, MTTR, alert fidelity).

So are YOU our next SOC Specialist, Incident Response? You are if you have…

3+ years of relevant experience in performing Cybersecurity Incident Response and Threat Hunting activities in a complex incident management or Security Operations Center environment.
Experience in the creation and fine-tuning of detection rules.
Familiarity with integrating security tools via APIs for automation, and familiarity with Security Orchestration, Automation, and Response (SOAR) concepts.
Experience with investigations and incident response using EDR tools such as CrowdStrike Falcon and SIEM tools such as Elastic Security (KQL, ESQL, Timeline analysis).
Experience with forensic triage (disk, memory, network) and multiple operating systems (Mac, Linux, Windows).
Experience with contributing to SOC processes, playbooks, SIEM correlation rules, and incident reports.
Experience in incident management and communication under pressure.
Familiarity with programming languages such as Python, JavaScript and others.
Knowledge of NIST Cybersecurity Framework, MITRE ATT&CK.
Knowledge of security products and device monitoring tools including Firewalls, IDS/IPS, Phishing and e-mail security, content filtering, DDoS, WAF, and more.