Senior Security Consultant - Threat Management
- Mississauga, ON, Canada
At Optiv, we’re on a mission to help our clients make their businesses more secure. We’re one of the fastest growing companies in a truly essential industry.
In your role at Optiv, you’ll be inspired by a team of the brightest business and technical minds in cyber security. We are passionate champions for our clients and know from experience that the best solutions for our clients come from working effectively together. As part of our team, your voice matters, and you will do important work that has impact on people, businesses and nations. Our industry and our company are advancing quickly, and you can be sure that you will always have room to learn and grow. We’re proud of our team and the important work we do to build confidence for a more connected world.
The Senior Security Consultant is responsible for the investigation effort to detect, contain and remediate high-profile and high-sensitivity incidents. The Senior Security Consultant will be engaged after multiple levels of incident review and triage to provide incident response support for confirmed major incidents. The Senior Security Consultant will conduct activities such as malware triage, host live response, complex log review & analysis, and network forensics to respond to the most advanced attacks facing us. Additionally, the Senior Security Consultant is responsible for providing recommendations for additional enhancements to detective controls, improvement of incident response procedures, and internal development/skill-building to keep sharp for the next big threat.
Accountable for leading the response effort for major security incidents, identifying and triaging threats, conducting research, and managing intake from internal customers.
• Lead and coordinate the investigation effort for complex cyber security incidents from initial escalation through post-mortem reporting
• Conduct live response analysis, dead-disk forensics, network analysis, complex log analysis, and malware triage in support of incident response investigations
• Share findings and identify action items in cooperation with external teams such as Privacy, Fraud, Application Development, and Legal to detect, contain and remediate incidents
• Build scripts, complex queries, tools, methodologies and more to rapidly identify and respond to advanced threats facing clients
• Identify key attributes of attacker tools, tactics and procedures (TTPs) and develop Indicators of Compromise (IoCs) for use in future detective controls
• Effectively communicate findings, opportunities and challenges to both experienced technical resources and executive audiences
• Develop clear technical reports at the conclusion of major incidents and document findings in the team knowledge repository
• Serve as a Subject Matter Expert for cyber security incidents in meetings with internal and external teams
• Provide assistance in training and development of junior team resources, the Cyber Security Operations Centre (CSOC) and Financial Crimes Fusion Centre (FC^2)
• Work with internal Red Team through Purple Exercises to enhance detective controls to locate advanced attacker TTPs
• Bachelor's degree or College Diploma in Computer Science, Information Security or other related fields
• Completion of relevant Security or Technical certifications including CCNA, GCIH, GREM, GCFA, GCFE, OSCP is preferred
• Knowledge or experience with Cyber Incident Management programs
• Minimum 4 years of Enterprise Incident Response and/or Security Operations Centre experience
• Minimum 4 years of experience with standard Enterprise-class security stack (Firewall, IDS/IPS, Antivirus, SIEM, Web Proxy, Web Application Firewall)
• Functional knowledge of Cyber Security and Incident Response foundations, theory, terminology (Kill Chain, TTPs, APT, Threat Hunting)
• >1 year operational experience with Splunk, ELK/Elastic, or similar log aggregation and log analysis platforms
• >1 year operational experience with at least three of the following:
- Dead-disk Forensics
- Live Response Collection & Analysis
- Log Analysis-based Investigation
- Network Traffic Analysis using Firewall, Web Application Firewall (WAF), Network Security Monitoring (NSM) stack
- Static & Dynamic Malware Analysis
- Scripting language experience (Python, Ruby, Perl, Go) for development of tools and IR enablers
- Hands-on penetration testing of Enterprise-class organizations
- Unix and Windows Administration
Why you’ll love it here:
If you are seeking a culture that supports growth, fosters success and moves the industry forward, find your place at Optiv! Optiv’s mission is to deliver comprehensive, integrated cybersecurity programs that make customer security programs more effective, efficient, manageable and measurable. Our aim is to become the world’s largest cybersecurity solutions integrator by leveraging our expertise in security technology, market-leading services, and innovative approaches. We have served more than 12,000 clients of various sizes across multiple industries, we offer an extensive geographic footprint, and we have premium partnerships with more than 350 of the leading security product manufacturers. Optiv is a privately held company backed by KKR, a leading global private equity firm.
With Optiv you can expect:
- Entrepreneurial and collaborative environment
- A competitive total rewards program
- Professional training opportunities
- Engaging and fun culture
- Opportunity to work with industry leading, talented peers