Regional Incident Response Investigator, Cyber Security

Category: Cyber Security Consulting
City: Vancouver, Victoria, Edmonton, Calgary, Ottawa, Toronto, Halifax, Regina, Canada
Position ID: J1119-1304
Employment Type: Full Time

Position Description:

The Regional Incident Response Investigator is part of the Global SOC which conducts Cyber research, threat hunting, incident response, forensics analysis, red team operations, malware reverse engineering and innovations.

This role requires a thorough understanding of Cyber security and in-depth knowledge and experience around computer networking fundamentals, modern threats and vulnerabilities, attack methodologies, threat actors and forensics methodologies and tools.

The Regional Incident Response Investigator is capable of leading and conducting highly technical incident response engagements, setting the Incident Response Plan, and working with and leading colleagues where required in the correct application of Incident Response processes within CGI. The Regional Incident Response Investigator is a highly effective communicator and is able to communicate at all levels within the business.

Your future duties and responsibilities:

Incident Response:
- Provide technical leadership and conduct incident response engagements as required at the direction of the Head of Incident Response or Head of Cyber Monitoring and Response (Blue Team)
- Help to develop incident response within the Global SOC, paying particular attention to best practices and advances in technology or cyber security
- Perform Advanced Digital Forensics Analysis, Host based or Network analysis as required during an investigation
- Act as the senior subject matter expert where required during security incidents
- Work closely with other teams to provide mitigation recommendations to reduce the overall security risk within the organization
- Provide ideas and feedback to improve the overall SOC capabilities or maturity (focus on people and processes)
- Work until incident resolution or as directed by the Head of Incident Response or the Head of Cyber Monitoring and Response (Blue Team)
- Perform basic reverse engineering on malware using dynamic and static analysis
- Perform forensic collection of endpoint or network evidence with forensically sound procedures, document evidence handling with chain-of-custody procedures, and conduct forensic investigations to industry standards
- Perform advanced “Threat Hunting” for unknown Cyber security events in order to find, identify and categorize advanced cyber threats

- Monitor for alerts generated and escalated by GSOC monitoring technologies or escalated by Analysts Level 2 and 3 or as identified individually
- Research, consult with colleagues and train to maintain awareness of trends in new security threats, technologies and regulations
- Monitor Automated Tool output and conduct spot checks for accuracy of outputs

- Conduct preliminary incident triage according to the Security Incident Management Triage Matrix and set the priority accordingly
- Determine and classify the severity of alerts and assess potential impacts according to the classification defined in the knowledge base
- Validate Triage conducted by Analyst Level 2 and 3 and by the Automated Tools
- Report potential security incidents
- Analyze and respond to security events and incidents from monitoring technologies or escalated by Analysts Level 2 and 3 or as identified individually
- Mentor Level 2 and 3 Analysts and review and advise on Standard Operating Procedures (SOPs) and training documentation as required
- Work with CGI’s ITSM system during Incident Handling and Triage

Innovation:
- Develop, build and integrate internal tools to augment and automate capabilities of the Global SOC to detect, respond and mitigate cyber security threats
- Research within the fields of Incident Response, Forensics and Threat Hunting to develop new strategies against threats

- Be a leader for Level 2 and 3 Analysts by providing strong technical leadership and guidance
- Provide continuous training and mentoring for Level 2 and 3 Analysts to improve their technical ability
- Review, modify and create the Standard Operating Procedures (SOPs) used by Level 2 and 3 Analysts

Required qualifications to be successful in this role:

- Degree in IT Security, Engineering or Technology-related fields is a major plus

- Proven certifications in Cyber security-related disciplines (e.g. SANS)

- Certified in Incident Response and/or Forensics

- Minimum of 6 years’ experience in working in a similar Cyber Security role or associated discipline
- Be a recognized Cyber Security professional within Forensics, Incident Response or Threat Hunting within your region or business unit
- Previous experience leading Incident Response engagements
- The candidate should have expertise and strong experience (3+ years) in at least two of the following areas:
  - Advanced Threat Hunting
  - Malware analysis
  - Reverse engineering

This role can be located in any CGI office location across Canada:


What you can expect from us:

Build your career with us.

It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.

At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.

Be part of building one of the largest independent technology and business services firms in the world.

Learn more about CGI at

No unsolicited agency referrals please.

CGI is an equal opportunity employer.