Cybersecurity Operations Analyst

Canada, Canada

Job Description

Location: Canada_Remote, Canada

In fast-changing markets, customers worldwide rely on Thales. Thales is a business where brilliant people from all over the world come together to share ideas and inspire each other. In aerospace, transportation, defence, security and space, our architects design innovative solutions that make tomorrow possible today.

Position Summary

This position is located in Fredericton, N.B. It will start as remote and then shift to hybrid once our new facility is up and running.

Thales requires a Cybersecurity Operations Analyst to be responsible for the prevention of cybersecurity incidents through real-time monitoring, detection, and analysis of potential intrusions. This includes using troubleshooting tools to analyze and respond to cyber threats, writing scripts to aid in quick analysis and response, and responding to security events. The position operates and tunes security tools, provides requirements for new security capabilities, and creates use cases for monitoring. In addition, the position creates and follows up on incident reports, and creates daily, weekly, and monthly reporting metrics.

The Cybersecurity Operations Centre (CSOC) team will rely on your contribution to perform in-depth analysis of evidence, identify malicious operations, and evaluate the real impact so it can be resolved quickly and efficiently. This is a key role when it comes to onboarding new customers, maintaining the CSOC’s infrastructure, and continuous improvement.

Essential Functions / Key Areas of Responsibility

The analyst must have work experience in a Security Operations Centre (SOC) environment. Expertise in using and managing SIEM and EDR, log and network analysis, network security (firewall, WAF, IDS/IPS), and infrastructure is vital for this role.

  • Monitor, analyze and report possible cyber-attacks or intrusions, anomalous activity, and misuse.
  • Leverage a variety of cybersecurity tools (SIEM, EDR, and sandbox) for analysis to identify malicious activity.
  • Create queries and rules for specific searches, reports, and alerts on the SIEM. Contribute to updating and tuning correlation rules and security use cases. Contribute to improving alert classification to minimize false positives.
  • Follow the incident response process; document and escalate security incidents. Stay up to date with security incidents until closure.
  • Analyze identified malicious activity to determine Tactics, Techniques, and Procedures (TTPs), and gather indicators of compromise (IOCs) and any relevant information.
  • Conduct research and analysis, and correlate gathered data from various sources to gain situational awareness and determine the impact of the incident.
  • Coordinate with other teams (IT security, network, system administrators, and end users) to validate alerts or activities.
  • Provide daily summary reports of cybersecurity incidents, operational statistics of monitoring tools, and the latest cybersecurity-related news.
  • Perform trend analysis and develop metrics and reports on intelligence and incidents for management.
  • Contribute to the creation and update of security operations and incident response best practices and processes.
  • Contribute to first-responder actions, triaging and containing breaches.
  • Assist in the secure collection of artifacts, analyze them for malicious behavior, and carry out analysis to determine the root cause of events.
  • Participate in threat-hunting activities, looking for anomalies. Ingest, analyze, and contextualize data and turn it into intelligence for threat assessment and risk management.
  • Research the latest known cybersecurity incidents, and gather IOCs and any relevant data to use in threat-hunting activities.
  • Provide advice on the configuration of network security devices for service and security enhancement.
  • Support customer onboarding projects to ensure a successful transition to the CSOC for security monitoring services.
Minimum Requirements: Skills, Experience, Education, Technical/Specialized Knowledge, Certifications, Language
  • Minimum of 3 years of relevant experience in system or network architecture and administration, or as a security analyst, in a Security Operations Center (SOC), or as an incident responder on a Computer Emergency Response Team (CERT).
  • Currently holding one or more industry-recognized cybersecurity certifications from ISACA, ISC2, GIAC (SANS), CompTIA (Security+ or higher), or Offensive Security.
  • Knowledgeable about the NIST Cybersecurity Framework (CSF) and MITRE ATT&CK.
  • Experience in building and updating SOC processes, playbooks, correlation rules, and incident reports.
  • Alert triage, malware analysis, sandboxing, basic decoding and scripting.
  • Must hold at least a Splunk Core Certified Power User certification; IBM QRadar, Azure Sentinel (SC-200) and other SIEM certifications are a plus.
Preferred Qualifications
  • Bachelor’s degree in engineering, computer science, cybersecurity, a related IT field, or equivalent experience.
  • Experience working in a SOC environment (internal or MSSP).
  • Experience monitoring an enterprise environment. Operational Technology (OT) or ICS is a plus.
  • Strong understanding of security incident management, malware analysis and vulnerability management processes.
  • Security monitoring experience with one or more cybersecurity and SIEM technologies: IBM QRadar, Splunk, Microsoft Sentinel, intrusion detection and prevention (IDS/IPS), endpoint detection and response (EDR), data loss prevention (DLP), and threat intelligence platforms (TIP).
  • Experience with SOAR platforms: XSOAR, IBM Resilient, TheHive and Cortex.
  • Strong written communication and presentation skills.
  • Self-starter who works independently and adjusts to changing priorities; critical and strategic thinker, negotiator and consensus builder.
  • Experience in scripting, automation, cloud infrastructure and cloud security monitoring is a plus.
  • Vendor-specific training and certifications are a plus: IBM QRadar, Splunk, Palo Alto, Demisto, FireEye, Cisco, Microsoft Azure, Amazon (AWS).
  • Must be analytical, with detail-oriented analysis and great documentation skills.
Regulatory Compliance Requirements:

Please review values for Canada and USA, selecting ALL that apply:

Canada role

☐ None

☐ Access to Trade Controlled Items

☑ Access to Controlled Goods

☑ Security Clearance

Describe specific need:

This role will only have read-only access to system alerts, logs, and the monitoring system. This role will also require Controlled Goods access and Reliability Clearance at a minimum. Ideally, candidates will be eligible for NATO Secret Clearance as well.

Special Position Requirements

Schedule: 40 hrs. per week; the schedule can rotate between teams. Service coverage is between 7 AM and 8 PM EST.

Physical Environment: Remote to start, hybrid once the facility is built.

Travel: Only if necessary.


Thales is an equal opportunity employer which values diversity and inclusivity in the workplace. Thales is committed to providing accommodations in all parts of the interview process. Applicants selected for an interview who require accommodation are asked to advise accordingly upon the invitation for an interview. We will work with you to meet your needs. All accommodation information provided will be treated as confidential and used only for the purpose of providing an accessible candidate experience.

This position requires direct or indirect access to hardware, software or technical information controlled under the Canadian Export Control List, the Canadian Controlled Goods Program, the Canadian Industrial Security Program, the US International Traffic in Arms Regulations (ITAR) and/or the US Export Administration Regulations (EAR). All applicants must be eligible or able to obtain authorization for such access, including eligibility for the Canadian Controlled Goods Program, and be able to obtain a Canadian Enhanced Reliability security clearance.

Job Detail

  • Job Id
    JD2227818
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type
    Full Time
  • Salary
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Canada, Canada
  • Education
    Not mentioned