Cyber Security Defense MDR, EDR/XDR Integration Support and Life Cycle expert

Category: Cyber Security
Main location: Canada, Ontario, Ottawa
Position ID: J0622-2425
Employment Type: Full Time

Position Description:

Cyber Security Defense MDR, EDR and XDR Integration Support and Life Cycle expert

We currently have an exciting opportunity to join the Cyber Security team as a MDR, EDR/XRD Integration Support and life-cycle expert
Our employees work in a dynamic, fast-paced environment where they work closely with our internal and external clients. We are on the cutting edge of technology, exploring exciting areas of our clients and our business while keeping up the standard of being leaders in the industry.

The Cyber Defense MDR, EDR/XRD Integration Support and life-cycle expert is an IT Cyber Security Professional Responsible for Implementation, integration, tuning of MDR, EDR/XDR solutions through their service life-cycle
A prime focus to integrate, Support, normalize and provide life-cycle support as a prime expert and owner to the Managed Endpoint Detection and Response solutions

The successful candidate for this position enjoys working in a dynamic fast-paced collaborative team environment and interacting with clients. We are seeking a self-starter who enjoys learning and keeping abreast of new technology trends.

Your future duties and responsibilities:

•Act as prime escalation and point of contact expert in the MDR, EDR/XDR space
•Lead and drive complex technical integration and escalated operations issues.
•Produce and maintain technical documentation.
•Work collaboratively and communicate effectively with customers, Project Managers, Client Engagement teams, Architects, Portfolio leads, Business Engineering, Proposal leads and peers
•Provide input to reference architectures/designs and implementation plans for Network and data flow between solution and target systems; may produce designs for less complex solutions.
•Work effectively on several concurrent client and/or internal initiatives.
•Perform validation testing as part of the transition of the security solution into production.
•Maintain awareness of trends in regulatory, technology, and operational requirements.

Required qualifications to be successful in this role:

•5+ years in administering Next-Gen Anti-Malware/Anti-Virus (e.g. McAfee ENS, Carbon Black Defense, Kaspersky, Symantec EP, MS Defender)
•2+ years background in administering EDR (Endpoint Detection and Response). (e.g. Carbon Black EDR, Crowd Strike Falcon, Cylance, Sentinel One)
•2+ years background in administering Application Control. (e.g. Carbon Black Bit9/Protect/AC, Beyond Trust PAM)
•Familiar with user and entity behavioral analytics and how these services are applied to identify and defend against identity compromise.
•Understanding of security event management solutions, their design, implementation and integration into Security Operations.
•Understanding of Use Case and content development. Familiar with rules that can be applied to consolidate events across disparate systems and used to identify an attack chain across systems.
•Understanding of threat hunting and unifying security-relevant endpoint detections with telemetry from non-endpoint sources such as network visibility, email security, identity, access management, cloud security
•Understanding of threat modelling, risk and how to mitigate the risks concerning applications, both from internal and external threat actors.
•Post-secondary degree or college diploma/certificate in Information Technology, Computer Science, Systems Engineering, or related Information Technology programs.
•Customer relations skills
•Knowledge of Security technologies and controls.
•Experience administering & configuring Linux/UNIX and or Windows based devices.
•Strong troubleshooting, reasoning and problem solving skills.
•Team player willing to share knowledge and learn from others.
•Minimal supervision, work autonomously, take ownership
•Good time-management and organizational skills
•Ability to deal with aggressive timelines and the associated pressure.
•Ability to speak and communicate clearly from a technical perspective, to users and also at the management level
•Ability to write clear and concise technical documentation in English.

Desired Qualifications
•Familiar with the role and function of a SOC and of the incident response processes
•Experienced working with managed security services
•A good understanding of techniques and approaches used by threat actors to compromise companies.
•Understanding of the MITRE ATT&CK framework and how it can be applied to help customers improve their cyber defense.
•Understanding of the business, privacy, security, and regulatory, compliance challenges surrounding client data and able to articulate and understand the types of assets that would be seen as valuable and susceptible to attack.
•Ability to obtain a Government of Canada security clearance of Level II (Secret)
•Knowledge and experience with security controls such as: Web Content Filtering(WCF), Data Loss Prevention (DLP),File Integrity Management (FIM), Host/Network Intrusion (IDS/IPS), Vulnerability Management (CVA), Web Application Firewall (WAF), NG-FW, Firewalls, Database Activity Monitoring (DAM), Security Information Event Management (SIEM), Log Management: event parsing, log collection, storage, automation.

Endpoint Detection vendor platforms:
Windows, Defender 365, Azure, and Sentinelone, Fireeye, Fortiedr, VMware Carbon Black, Tanium, CrowdStrike

Preferred courses:
•AZ-500: Microsoft Azure Security Technologies
•SC-200: Microsoft Security Operations Analyst
•SC-900 Microsoft Security, Compliance, and Identity Fundamentals
•SC-300: Microsoft Identity and Access Administrator
•SC-400: Microsoft Information Protection Administrator
•MS-500T00-A: Microsoft 365 Security Administration
•Sentinelone Administrator course
•SentinelOne Investigator Course
•SentinelOne IR Threat Hunting

Possess one (1) or more of the following certifications:
• GIAC Certified Detection Analyst (GCDA)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Cyber Threat Intelligence (GCTI)
• GIAC Network Forensic Analyst (GNFA)
• GIAC Penetration Tester (GPEN)
• GIAC Reverse Engineering Malware (GREM)



  • Cyber
  • Security Assessment

What you can expect from us:

Insights you can act on

While technology is at the heart of our clients’ digital transformation, we understand that people are at the heart of business success.

When you join CGI, you become a trusted advisor, collaborating with colleagues and clients to bring forward actionable insights that deliver meaningful and sustainable outcomes. We call our employees "members" because they are CGI shareholders and owners and owners who enjoy working and growing together to build a company we are proud of. This has been our Dream since 1976, and it has brought us to where we are today — one of the world’s largest independent providers of IT and business consulting services.

At CGI, we recognize the richness that diversity brings. We strive to create a work culture where all belong and collaborate with clients in building more inclusive communities. As an equal-opportunity employer, we want to empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.

Ready to become part of our success story? Join CGI — where your ideas and actions make a difference.