Security Content Detection Engineering

Category: Cyber Security
Main location: Canada, Ontario, Toronto
Alternate Location(s): Canada, Alberta, Edmonton
Canada, Nova Scotia, Halifax
Canada, British Columbia, Vancouver
Canada, Ontario, Ottawa
Position ID: J1022-1908
Employment Type: Full Time

Position Description:

As a Senior Consultant on the Global Security Operations Center team, the Security Content Management Analyst will be a security team member responsible for supporting and enhancing the security detection solutions used by our SOC. This person will be a technical leader working with other security technical experts in charge of supporting key detection capabilities.

The main location for this role is based in Toronto, Ontario.
We are open to considering candidates from any location where CGI has an office in Canada: Ottawa, Gatineau, Toronto, Mississauga, Markham, Montreal, Quebec City, Halifax, Fredericton, Moncton, Stratford PEI, Calgary, Edmonton, Regina, Vancouver, Burnaby, Victoria.

Your future duties and responsibilities:

The Security Content Management Analyst is responsible for the following activities related to advanced threat research and content development:

Threat Detection Content - Research & Development
•Correlate Indicators of Compromise (IOCs) within large data sets
•Research new detection techniques to enhance the effectiveness of the security solution
•Develop new and novel detection mechanisms, use cases, IOCs and signatures
•Identify new and emerging trends in threat actors' Tactics, Techniques and Procedures (TTPs)

Security Content Management
•Produce statistical reporting on the effectiveness of the detection content
•Update and enhance existing threat detection content
•Leverage internal and external sources for the creation of security content
•Translate intelligence and incident response reporting into actionable detection capabilities

Security Content & Intelligence Integration
•Develop SIEM use cases and rules/signatures to better detect or prevent threats
•Integrate security content into existing detection solutions such as SIEM, IPS, EDR, EPP, NG-FW and TIP
•Contribute to the integration of actionable intelligence data with existing security controls and procedures

Other Responsibilities
•Participate in innovation projects including the building, deployment and evaluation of new technologies
•Provide advanced threat awareness and education to members of the team

Required qualifications to be successful in this role:

The candidate should be able to demonstrate a thorough understanding of cyber security. Specifically, the candidate must possess in-depth knowledge of modern threats and attack methodologies and of how they are applied in detection methodologies. The candidate should be passionate about security, love to solve technical challenges and like to learn new, modern solutions.

Education and Experience
•Degree in IT Security, Engineering or a Technology-related field is a major plus
•Expertise and strong experience (2-3+ years) in at least two of the following areas:
-Security Operations Center (SOC) analyst
-Cyber Research and Threat Intelligence
-SIEM Analyst or Administrator
-Security Content Analyst

•Extensive experience working with security detection content (IDS signatures, SIEM use cases)
•Knowledge of standard detection content formats (Sigma, YARA, Snort rules, STIX)
•Experience using Git and other version control systems
•Strong knowledge of current threats, vulnerabilities and threat actors
•Understanding of standard development practices (Agile, DevOps)
•Experience with scripting (Bash, Python)
•Knowledge of the Linux operating system
•High level of English-language writing ability (as this is a global role)

•Knowledge of intelligence platforms and of how different tools enable the intelligence cycle
•Maintain knowledge of, and implement, technologies related to IT/security management, automation and DevOps


What you can expect from us:

Insights you can act on

While technology is at the heart of our clients’ digital transformation, we understand that people are at the heart of business success.

When you join CGI, you become a trusted advisor, collaborating with colleagues and clients to bring forward actionable insights that deliver meaningful and sustainable outcomes. We call our employees "members" because they are CGI shareholders and owners who enjoy working and growing together to build a company we are proud of. This has been our Dream since 1976, and it has brought us to where we are today — one of the world’s largest independent providers of IT and business consulting services.

At CGI, we recognize the richness that diversity brings. We strive to create a work culture where all belong and collaborate with clients in building more inclusive communities. As an equal-opportunity employer, we want to empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.

Ready to become part of our success story? Join CGI — where your ideas and actions make a difference.