Job Description

What's in it for you as an employee of QFG?
Health & wellbeing resources and programs
Paid vacation, personal, and sick days for work-life balance
Competitive compensation and benefits packages
Work-life balance
Career growth and development opportunities
Opportunities to contribute to community causes
Work with diverse team members in an inclusive and collaborative environment
We're looking for our next Principal Cybersecurity Specialist. Could It Be You?
Your contribution delivering sustainable and measurable results in the following areas will be very important:
Administration and management of the various cybersecurity tools used by the wider Joint Security Operations Centre team, such as Endpoint Detection & Response (EDR), Vulnerability Scanning, Attack Surface Management, Identifying and responding to cyber threats - that pose a risk to our reputation and brand, and may result in a compromise. Day to day activities include overseeing system upgrades and expanding capabilities, monitoring system health and troubleshooting system issues, ensuring asset coverage, and managing user access for these tools, as well as detection engineering activities, alert investigation and response, incident response and threat hunting activities and cyber threat intelligence research. You will be working alongside internal customers and our vendor support teams to ensure we are utilizing our security tools in accordance with corporate policies and growing business needs, providing metrics on the management of these systems and tickets addressed, and conducting monitoring and response activities. You will work closely with Cybersecurity and IT teams to align priorities and execute plans for new initiatives, as well as contribute to process improvements and build documentation for new tools.
Need more details? Keep reading...
You will:
Be proactive and innovative to translate theoretical AI/ML concepts into practical, implemented solutions for SOC. You will research and apply AI/ML technologies to develop new/enhancing solutions for threat detection, response, and prevention. This includes the integration of AI-powered security tooling and technologies into our existing infrastructure, automating repetitive tasks, and improving the overall efficiency and accuracy of our security operations. Prior experience with workflow automation tools such as Cursor and n8n is a significant advantage.
Act as a SME for the team and lead engagement activities during major incident response
Monitor, analyze and report possible cybersecurity attacks.
Investigate and perform analysis of threat indicators.
Gather Indicators of compromise and any relevant data to use with threat hunting activities.
Leverage security tools (SIEM, EDR, and more) for analysis to identify malicious activities.
Analyze identified malicious activity to determine Tactics, Techniques and Procedures.
Conduct research, analysis and correlate gathered data from various resources to determine the impact of the incident.
Monitor and actively conduct investigations and analysis related to Cyber Threat Intelligence gathered from the internet and dark web related to threats facing the organization.
Participate in on-call and hands on scheduled shift rotations including off business hours.
Collaborate well and work with other cybersecurity and IT team members.
Lead Security Incident Response and investigation with other internal teams and 3rd party providers.
Conduct expert level incident investigations using security tools and solutions (SIEM, EDR, firewalls, etc.).
Complete Security Incident and Investigation reports.
Onboard and monitor cloud environments (Azure, AWS, or GCP) into SIEM.
Develop and document processes, operational procedures, and enhance playbook workflows.
Deploy, manage and administer tools used by other cybersecurity teams related to endpoint protection, email security, vulnerability scanning, etc
Review enterprise security tools and controls to review system health, identify misconfigurations, and implement tuning recommendations per vendor best practices
Maintain existing or create new procedures and processes for administering and managing cybersecurity tools under the purview of the team
Respond to and address support tickets for our tools that arise from different end users and teams via the enterprise ticketing system
Provide proactive security investigation and searches on corporate environments to detect malicious activities.
Maintain up-to-date understanding of security threats, countermeasures, security tools, Cloud Security and SaaS technologies.
Maintain technical proficiency through training, keeping up with industry best practices, and security frameworks
Report on team metrics for the CISO leadership team and the IT & Cyber GRC team
Report on all applicable compliance related obligations
So are YOU our next Principal Cybersecurity Specialist? You are if you have...
6+ years of relevant experience in performing, Cybersecurity operations, Cybersecurity Threat Intelligence, Incident Response and Threat Hunting activities in a complex incident management or Security Operations Center environment.
Knowledge of NIST Cybersecurity Framework, MITRE ATT&CK.
Knowledge of creation and fine tuning SIEM use cases.
Security monitoring experience with cybersecurity and SIEM technologies.
Experience with building SOC processes, playbooks, SIEM correlation rules, and incident reports.
Experience with threat hunting and security incident investigation.
Knowledge of security products and device monitoring tools including Firewalls, IDS/IPS, Phishing and e-mail security, content filtering, DDoS, WAF, and more.
Knowledge of incident investigation, working with in-house and vendor teams to research, identify and report on incidents.
Knowledge of security incident management, malware analysis and vulnerability management processes.
Strong technical and learning agility, able to adapt to constantly evolving threats, domains and technologies.
Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
Experience with the security logging and monitoring of cloud environments.
Experience analyzing different data sets and preparing metrics and reports (e.g. Excel, Sheets, PowerBI)
Experience with Atlassian products, especially JIRA and Confluence
Brownie points if you have...
CEH, CSA, CHFI, ECIH or similar relevant certifications.
Familiarity with programming languages such as Python, JS and others.
Hands on technical expertise in the following types of tools: EDR, infrastructure vulnerability scanning, cloud based scanning, data loss prevention, external attack surface management, network scanning, incident response, SIEM, access management
Sounds like you? Click below to apply! #LI-Hybrid #LI-MM1

Skills Required