Level 2 SOC Analyst
Canada, Alberta, Calgary
Canada, Nova Scotia, Halifax
Canada, Ontario, Ottawa
Canada, New Brunswick, Moncton
The Level 2 (L2) SOC Analyst is a core resource on the security monitoring and response team (Blue Team) within the Global Security Operations Center (GSOC). As a member of the Blue Team, the L2 Analyst is responsible for the monitoring, triage and response of all security alerts coming from SIEM and the security controls directly.
The L2 Analyst will have a broad range of cybersecurity experience and skillsets including knowledge of Windows and Linux operating systems, knowledge of common threats and attack methodologies, an awareness of industry standards, and foundational endpoint and network-based analysis techniques.
We are open to considering candidates from any location where CGI has an office in Canada; Ottawa, Gatineau,Toronto, Mississauga, Markham, Montreal, Quebec City, Halifax, Fredericton, Moncton, Stratford PEI, Calgary, Edmonton, Regina, Vancouver, Burnaby, Victoria.
Your future duties and responsibilities:
Perform real-time monitoring of security alerts coming into the queue, detected by various security controls.
• Continue the investigation of alerts that have been escalated by L1 Analysts within agreed upon SLA's.
• Perform triage of indicators, as needed, and document all findings in the appropriate threat knowledgebase.
• Perform In-depth analysis of the alert, outside of Standard Operating Procedures, utilizing foundational endpoint
and network-based analysis techniques.
• Create security incidents from presumed true-positive alerts; and close presumed false-positives.
• Escalate alerts to L3 Analyst that are found to be undetermined, or that have additional requirements.
• Support the Incident Handling (IH) and Incident Management (IM) teams
• Maintain awareness of industry trends, new threats, technologies and common security standards and
• Engage and collaborate with other members of the GSOC, as well as internal CGI teams, during the investigation
• Make technical and procedural enhancement recommendations in coordination with other members of the team
to improve the overall capabilities and maturity of the SOC.
• Report security vulnerabilities identified during BAU activities, and provide recommendations to mitigate the
overall security risk to the organization.
• Review and enhance Standard Operating Procedure (SOP) documentation.
• Utilize and contribute to internal threat intelligence.
• Perform handover of priority items at the end of shift.
• Review alert queues to identify patterns that may indicate broader security issues by taking a"short-term" view of event analysis (days and weeks)
Required qualifications to be successful in this role:
Ability to communicate clearly and effectively in both verbal and written form.
• Ability to think critically when investigating alerts in order to determine appropriate relevance of the alert details.
• Knowledge of various networking concepts and the ability to utilize that knowledge during an investigation.
Common concepts include IP Address subnets, Network Address Translation (NAT), and the knowledge of
different protocols and ports.
• Knowledge of Windows Event ID's, including knowing the event ID of common events such as logins, login
failures, and process creations.
• Knowledge of the Linux operating system including common log storage paths, and foundational Linux
• Knowledge of vulnerability management concepts, as well as Common Vulnerabilities and Exposures (CVE).
• Ability to analyze log files utilizing clearly defined techniques.
• Knowledge of network security monitoring techniques.
• Knowledge of common threats and vulnerabilities, attack methodologies, threat actors, and attack tools.
• Awareness of various industry standards and frameworks.
• Knowledge of IT Service Management (ITSM) with a focus on Incident Management.
• Knowledge of foundational open source intelligence techniques.
• Foundational knowledge of any scripting or programming language, is an asset.
• Knowledge of foundational malware analysis techniques, is an asset.
• Knowledge of foundational reverse engineering techniques, is an asset.
• Knowledge of foundational threat hunting techniques, is an asset.
• Ability to methodically research unknown information; including being able to search for information, take notes, and manage time.
• Ability to mentor junior analysts.
QUALIFICATIONS & EDUCATION
• 2+ year degree of diploma with a focus on Information Security or Cybersecurity, is an asset, but not required.
• Certifications in Information Security or Cybersecurity related disciplines (e.g., Security+, CySA+, SSCP, CISSP,
CCSP, GSEC, GSOC, GCIA, GMON, GCDA, GCIH, GCFA, GREM, GNFA, CEH).
• At least, 2 years of experience working in a Security Operations Center as a SOC Analyst, or similar role.
• Experience handling alerts from SIEM and common security controls including Network and Host-based IPS and
IDS, Endpoint Security, Firewall, and Cloud security.
• Experience with using use third-party security intelligence tools, such as VirusTotal, to safely triage indicators.
• Experience performing alert investigation utilizing foundational digital forensics techniques.
• Experience producing security reports.
What you can expect from us:
Insights you can act on
While technology is at the heart of our clients’ digital transformation, we understand that people are at the heart of business success.
When you join CGI, you become a trusted advisor, collaborating with colleagues and clients to bring forward actionable insights that deliver meaningful and sustainable outcomes. We call our employees "members" because they are CGI shareholders and owners and owners who enjoy working and growing together to build a company we are proud of. This has been our Dream since 1976, and it has brought us to where we are today — one of the world’s largest independent providers of IT and business consulting services.
At CGI, we recognize the richness that diversity brings. We strive to create a work culture where all belong and collaborate with clients in building more inclusive communities. As an equal-opportunity employer, we want to empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.
Ready to become part of our success story? Join CGI — where your ideas and actions make a difference.