Level 3 Analyst, Advanced Threat Management
The Level 3 Analyst is member of the CGI Global Advanced Threat Management Office (ATMO). ATMO directs Advanced Threat Management (ATM) activities with a worldwide virtual team of qualified and highly skilled analysts in CGI's Global Security Operation Center (GSOC). This is a core position in the GSOC protective monitoring team (Blue Team), responsible for responding to escalated threats and events from their Level 2 analyst colleagues, and responsible for conducting advanced threat hunting as directed by the threat hunting lead.
Your future duties and responsibilities
• Monitor for alerts generated and escalated by GSOC monitoring technologies or escalated by Level 2 analysts or as identified individually.
• Research, consultation with colleagues and training to maintain awareness of trends in new security threats, technologies and regulations
• Monitor Automated tool output and conduct spot checks for accuracy of outputs.
• Analyze and respond to security events and incidents from monitoring technologies or escalated by Level 2 analysts or as identified individually.
• Mentor Level 2 analysts and review and advise on Standard Operating Procedures (SOPs) and training documentation as required.
• Work with CGI’s ITSM system during Incident Handling and Triage
• Determine and classify the severity of alerts and assess potential impacts as classification defined in knowledge base Report potential security incidents
• Conduct preliminary incident triage according to the Security Incident Management Triage Matrix and sets the priority accordingly
• Validate Triage conducted by L2 analysts and automated tools
• Perform Advanced Digital Forensics Analysis, Reverse Engineering, Dynamic, Static, Host based or Network analysis as required during an investigation. *Note not all L3 Analysts are expected to be experts in all of the aforementioned fields, they should be able to cover the majority however.
• Act as the senior subject matter expert where required during security incidents.
• Work closely with other teams to provide mitigation recommendations to reduce the overall security risk within the organization.
• Provide ideas and feedback to improve the overall SOC capabilities or maturity (focus on people and processes).
• Work until incident resolution or as directed by the Head of Blue Team Operations
• Utilize, contribute and be a leader on threat intelligence knowledge.
• Perform advanced threat “Hunting” for unknown cyber security events in order to find, identify and categorize advanced cyber threats.
• Be a recognized senior expert within your region or business unit.
Required qualifications to be successful in this role
Education, Experience and Certifications:
• Minimum of 3 years’ experience in working in a similar Cyber Security role or associated discipline.
• Proven certifications in cyber security related disciplines. E.g. SANS Qualifications/Certifications
• The ability to complete complex security investigations to closure.
• Determine sources of information required to complete an investigation and assemble and correlate those information sources
• Intermediate to advanced abilities in three or more of the following:
‒ The ability to operate and optimize the configuration or make recommendations on any of CGI’s security defence platforms
‒ The ability to write scripts that can be leveraged by other analysts to conduct and complete investigations
‒ The ability to security investigate and reverse-engineer suspicious files
‒ Expert-level knowledge of the Windows operating system and common applications including common areas of vulnerability and attack
‒ Expert-level knowledge of Unix/Linux operating system and accepted server hardening approaches
‒ Expert-level knowledge in Networking including secure architecture and design concepts as well as detailed TCP/IP knowledge
‒ Expert-level knowledge of forensics including law enforcement requirements and concepts such as chain of custody.
• Self-directed and has the ability to take on improvement initiatives
• The ability to mentor less experienced analysts and assist with career development
• Knowledge of industry standards and best practises
This role can be located in any CGI office location across Canada: https://www.cgi.com/en/offices?field_address_country_code=CA
Build your career with us.
It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.
At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.
Be part of building one of the largest independent technology and business services firms in the world.
Learn more about CGI at www.cgi.com.
No unsolicited agency referrals please.
CGI is an equal opportunity employer.