Security Operations Specialist

November 21 2021
Industries Education, Training
Categories Information Technology, Security, Continuity, Risk
Kingston, ON

The Information Technology Services department of Queen's University is growing its cybersecurity operations unit and requires a Security Operations Specialist to join this dynamic team. This role investigates cyber risk and collaborates with information technology professionals and a diverse client base to manage and reduce risk. The Specialist develops and deploys security monitoring routines. This role also facilitates the remediation of identified vulnerabilities to the Queen's digital environment and takes the lead when documenting the remediation options, recommendations and outcomes.

The University's digital assets and environment are of critical importance to its reputation and success and the University community has committed significant resources to develop and implement new initiatives, and augment existing programs, to safeguard these assets. In this role, you will have the opportunity to influence the direction and success of these initiatives and programs. You will assess the current security monitoring and risk management tools and methods and use your considerable research and influencing skills to introduce and adopt new tools and standards where needed.

If you understand the importance of a secure digital environment, if you have experience identifying trends and/or anomalies in large volumes of data, and if you are the one that everyone looks to when searching for "the needle in the haystack", then we have a place for you on our team. Take the first step and apply today.

• Participates in the functional design, implementation, and oversight of the security operations capability in support of Queen's policies and practices.
• Participates in the delivery of enterprise operational security services, including the collection of cyber-threat intelligence, security vulnerability management, perpetual scanning (VA), logging and monitoring, SIEM, event correlation, DDoS detection and mitigation, operational metrics and reporting, as well as specialized security needs and services pertaining to the Queen's network.
• Participates in the development of cybersecurity operations capabilities and activities, which may include security architecture, design and requirements, operationalization, maintenance, governance, and risk management.
• Anticipates security breaches and remains up to date on intelligence, including hackers' methodologies; maintains a high degree of knowledge by tracking trends and best practices.
• Provides input into compliance requirements, technical security leadership including design solutions, security training material, workshops and communication updates.
• Develops and deploys security monitoring use cases.
• Triages and analyzes security events in order to prioritize and escalate alerts that exceed the SIEM threshold.
• Analyzes cybersecurity events and incidents to determine the root cause and apply the appropriate mitigation measures as outlined by Queen's incident response plan.
• Creates scripts and implements tools to automate and develop a variety of configuration and update tasks including signature updates, rule changes, and policy updates on security devices.
• Assists in the delivery of security assessments to ensure compliance with security policies, standards and procedures, and works with the various areas in taking corrective actions on any identified security exposures found.
• Assists in the delivery of vulnerability assessments to ensure compliance with security policies, standards and procedures, and takes corrective action to mitigate identified security vulnerabilities.
• Collaborates with diverse groups of internal and external IT teams and key stakeholders by interacting effectively and persuasively to investigate and resolve enterprise-wide security violations.
• Participates in the development and management of security metrics for cybersecurity operations, with the aim of strengthening the security posture of the University.
• Creates, maintains and publishes security documentation.
• Participates in change review boards as requested; reviews network security requirements for firewall changes, data encryption and other network security measures to ensure access and authorization controls are in place.
• Researches more effective security processes and implements application/processes that prevent data loss and service interruptions.
• Works occasional extended hours and an on-call rotation outside regular work hours.

• University degree in computer science or related field combined with a minimum of 3 years experience in a cybersecurity or information security role.
• Professional certifications such as ITIL, ISACA, ISC2 CISSP, CEH, PCIP, SANS GIAC GSEC are considered an asset.
• Experience in cybersecurity, in a multi-platform environment, in three or more areas: web applications, cloud computing, SaaS models, desktop applications, networking concepts; fluent in multiple Windows and Linux operating systems.
• Experience with enterprise-wide network security, operating system security, Internet/web security, DLP, anti-malware, IDS/IPS, penetration & vulnerability testing, cyber security and the ability to read and understand vulnerability bulletins, and security event data.
• Experience with troubleshooting network encrypted protocols: HTTPS, TLS, PPP, Kerberos and Enterprise certificate management.
• Demonstrated technical proficiency in the implementation and maintenance of multi-user Windows and Linux computer systems.
• Experience analyzing security events and exploits with an in-depth knowledge of security event management, network monitoring, log collection and correlation and a good understanding of SIEM technology from architecture and engineering perspectives.
• Experience with scripting languages: Java, PowerShell, Unix scripting and Perl.
• Experience with information security standards and frameworks: PCI DSS, NIST CSF, ISO27001, etc.
• Knowledge of Lightweight Directory Access Protocol (LDAP), Radius, Single Sign On (SSO), Virtual Desktop Infrastructure (VDI), databases, Active Directory and web stacks on Linux and Windows.
• Consideration may be given to an equivalent combination of education and work experience.

• Working with Others: actively seeks ideas from multiple sources for consideration to improve the performance of the team(s). Shares thoughts and information with all levels of expertise. Ensures that one's own behaviour does not negatively impact others when faced with complex situations.
• Inclusivity: welcomes an inclusive environment and coaches others to address and support those who may feel vulnerable. Ensures the diverse group receives opportunities for fair treatment regardless of background.
• Communication: takes a lead role to communicate to multiple audiences and easily explains complex information to ensure the message is understood.
• Customer Service and Support: actively engages the customer or team member and evaluates their needs in a timely manner. Establishes plans and organizes work to meet or exceed the deadlines. Periodically, conducts plan reviews and provides an update to client/customer and recommends any process efficiencies.
• Planning/Organizing: takes an active role in analyzing problems regarding resources/deliverables that may impact deadlines or standards and escalates for discussion and resolution. Plans medium-term requirements and provides insight into scope of potential problems and identifies possible solutions.
• Continuous Improvement: leads a team(s) and together they identify ways to improve department processes, and quality of customer service. Solicits feedback from multiple sources to identify ways to become a more highly functioning team. Actively participates in continuous learning and sets the department standard.
• Attention to Detail: takes a lead role to implement efficient systems to ensure that high quality work is consistently maintained by self and others. These actions include careful monitoring of work that meets standards and project plan deadlines.
• Adaptability and Support for Change: takes an active role to positively support team members through change. Supports change by generating new ideas and offering suggestions that will benefit the team.

• Formulates, evaluates and implements solutions to problems, alone or cooperatively with senior staff and/or IT Services staff.
• Assesses the nature of a request and assists the customer as appropriate.
• Confidentiality is paramount; therefore, aptitude to differentiate what information is sharable, when, and with whom.
• Determines when to involve senior staff in resolving complex or sensitive systems problems.
• Self-motivates and prioritizes workloads.
• Determines how to deal with operational problems that occur outside of working hours to avoid major customer impact.
• Assesses, determines and recommends acquisition of new software or hardware. Determines when to consult with senior staff or supervisor and escalates as required.