Job Description

Job Title: Senior Specialist, Cyber Defence
Job ID: 55815
Location: Toronto, Ontario

Overview:
Our client, The City of Toronto is looking for a Senior Specialist, Cyber Defence. The Senior Specialist, Cyber Defence\xe2\x80\x98s role is to support the execution of the Chief Information Security Officer\xe2\x80\x99s (CISO) mandate, cyber vision and strategy, providing technical and business advice, support and services on Threat Management cyber programs and initiatives to all City divisions, agencies and corporations. To define, develop and support Threat Management cyber programs and initiatives, engaging with teams across the organization to build alignment on key projects and develop execution roadmaps. He/She will support end-to-end Cloud security implementation, enablement and operations; and provide subject matter expertise, strategic advice, senior level guidance and operational support for Cyber Defence area within the Threat Management section.

What you will be doing:

Leads the development, deployment and management of a Security Operation Centre (SOC), operationalizing and consulting on the City\xe2\x80\x99s security risk posture.

Works in partnership with other IT teams and external service providers in the operation of a SOC.

Works in partnership with the Managed Security Services Provider (MSSP) to maintain security log infrastructure to monitor, analyze, respond to, and log anomalies.

Identifies operational and tactical cyber intelligence to improve security operations and support efforts to prepare for, monitor, detect, analyze, contain, remediate, and recover from security incidents.

Works with and coordinates third-party service providers as needed on vulnerability scans, penetration testing, incident management, managed Security Information and Event Management (SIEM), Intrusion Detection System (IDS)/ Intrusion Protection (IPS), Data Loss Prevention (DLP), and threat intelligence.

Leads the development of metrics to accurately track the current state of defences, trends, compliance and key performance indicators.

Prepares and delivers metrics and reports for senior management to show efficiency and compliance of security functions.

What you must have:

Post-secondary degree in Business or Technology or a related discipline.

Over 6 years experience in Application Implementation, Configuration Management and/or Cyber Operations

In-Depth security monitoring experience with one or more SIEM technologies (i.e. QRadar, Splunk, Azure Sentinel) and intrusion detection, prevention technologies.

Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products.

Strong understanding of security incident management, malware management and vulnerability management processes.

Experience with API integration and management of security controls with cloud environment.

Strong understanding Cloud enviornment\xe2\x80\x99s Security monitoring components (for e.g. Microsoft: Defenders, Sentinel; Amazon CloudWatch, CloudTrail, Event Bridge; GCP: Chronicle Security, Event Threat Detection, Security Command Center, etc.)

Extensive experience with web content filtering technology \xe2\x80\x93 policy engineering and troubleshooting.

Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP.

Extensive experience in Incident Response or relevant cyber security field(s)

In-depth experience managing cases with enterprise SIEM systems.

In depth knowledge of security vulnerabilities, exploits, malware and digital forensics as they relate to Incident Response.

Strong deductive reasoning, critical thinking, problem solving, and prioritization skills

Strong knowledge of effective security practices in a large, complex environment and awareness of general security-related training requirements within this environment.

Preferred Certifications (any in the list): CCSP, Azure, AWS or GCP Security Certifications, CISSP, CRISC, OSCP, CEH, GPEN

Ability to work in transformative programs.

Ability to lead efficient communication between all project stakeholders, including internal teams and clients

Ability to achieve business objectives through influencing and effectively working with key stakeholders.

Excellent written & verbal communication skills (comfortable & confident communicating at all levels including business partners, leadership and vendors.

Excellent problem-solving skills with capability to identify solutions to unusual and complex problems.

Keen attention to detail and strong organizational skills.

Highly organized, proactive, self-motivated team player who takes initiative and is able to work independently.

Ability to work in a fast-paced environment managing multiple priorities with proven time management skills.

Strong analytical skills and ability to prioritise and multitask.

Ability to prioritize and effectively manage competing priorities and projects.

Ability to manage multiple initiatives while adhering to strict deadlines.

Able to work extremely well under pressure while maintaining a high level of professionalism

Self-motivated person with desire to go above and beyond tasks

Transferable skills, like communication and decision-making, are equally important.

Being able to think on your feet and show good judgment are especially valuable in this field. \xe2\x80\x9cSecurity pros should always be ready to react to cyber-related incidents quickly.

For more information about TEEMA and to consider other career opportunities, please visit our website at

TEEMA