Security Operations Center/Incident Response (SOC/IR) Specialist - Full Time - Remote - ON/BC

Date: Jun 10, 2022

Location: Toronto, ON, CA

Company: LifeLabs

LifeLabs is the largest community diagnostics laboratory in Canada, serving the healthcare needs of Canadians for over 50 years. Our team members are truly centred around our customers, and we know that behind every lab requisition, sample being tested, or investment in technology is an individual and their family counting on us.

Consistently named one of Canada's Best Employers by Forbes, LifeLabs has also been recognized for having an award-winning Mental Health Program from Benefits Canada. The passion and commitment of over 6,000 diverse and innovative team members unites and motivates us to ensure our customers receive high quality tests and results that they can trust. Agile, customer-centred, caring and teamwork: we live these values every day in what we do to support our customers and healthcare providers, driving forward our vision of empowering a healthier you.

Make a difference – join the LifeLabs team today!

REPORTS TO: Manager – Security Operations

PURPOSE OF THE ROLE: The SOC/IR Specialist is an experienced cyber security professional with a background in cyber security policy assessment, cyber security operations, incident response, SIEM tools, and creating and maintaining incident response playbooks. This role will take charge of a high-performing team of other security professionals, interact with stakeholders to enhance and implement new technologies, respond to threats and incidents as needed, and collaborate on providing a strategic roadmap of future security technology.

Core Accountabilities

  • Evaluation of critical incidents. Review alerts, threat intelligence, and security data. Identify threats that have entered the network, and security gaps and vulnerabilities currently unknown
  • Implement and manage the full SOC security tool stack as well as take ownership of and adapt incident response SOPs and playbooks
  • Efficiently gather and analyze data with these tools to detect and investigate suspicious activities, contain, and prevent them. Provide insight to potential tooling changes, as needed to adapt to threats based on threat intelligence / IOCs
  • Audit and compliance support. Review and provide recommendations on security policy and applications. Track performance and provide recommendations on improving metrics and KPIs. Prepare disaster recovery plans
  • Review of escalated tickets that require an in-depth investigation / analysis
  • Investigate, document, and report on any information security (InfoSec) issues as well as emerging trends
  • Reduce downtime and ensure business continuity by proactively notifying business stakeholders about serious security events and how to potentially mitigate the posed associated risk(s)
  • Coordinate with Engineering and Cyber Threat teams to optimize security operations
  • Provide recommendations on ways to improve the security architecture
  • Provide guidance and mentorship to junior analysts on security IR techniques, analysis, and best practice

Minimum Qualification and Skills

  • 10+ years’ experience supporting cybersecurity SOC operations
  • Bachelor’s degree or equivalent in Computer Science, Information Assurance, MIS or a related field; a Master’s degree is a plus
  • Experience and education in one or more of the following: CEH, eCPPT, OSCP, GCFW, GCIH, IHRP, CISSP
  • Experience and education in one or more vendor certification programs such as LogRhythm Platform Administration (LRPA), LogRhythm Security Analyst (LRSA), LogRhythm Cloud Administration (LRCA) Certification, Security+, Network+, GSEC, Certified Systems Analyst, CISM, or ISO 27001
  • SOC analysis and SIEM experience with LogRhythm. Candidate should be able to write advanced LR queries, create dashboards and reports, and be knowledgeable with SIEM administration.
  • Experience in an MSSP - tiered SOC/SIEM service
  • Experience with IDS/IPS technologies such as Palo Alto Firewalls. Candidate should be familiar with rule sets, monitor IDS/IPS events, and monitor IDS/IPS functional and operational status.
  • Advanced Experience with the Enterprise Incident Response Cycle: Preparation, Detection & Analysis, Containment and Recovery, Post Incident Analysis.

At LifeLabs, we strive to create an inclusive and equitable workplace where our team members and the communities we serve feel accepted, valued, and respected.

In accordance with LifeLabs’ Accessibility Policy, the Accessibility for Ontarians with Disabilities Act, and the Ontario Human Rights Code, accommodations are available by request for candidates taking part in all aspects of the recruitment and selection process. For a confidential inquiry or to request an accommodation, please contact your recruiter or email careers@lifelabs.com.

LifeLabs is committed to providing a safe environment for our employees, customers, and the communities we serve. We have been a leader throughout the COVID-19 pandemic regarding health and safety measures and have always put our employees and customers at the center of every decision that we make. As an organization in the health care sector, we believe the COVID vaccination adds a layer of protection that complements the extensive and necessary health and safety protocols that we have taken to date. With this in mind, we currently require all LifeLabs employees, contractors, students and volunteers to be fully vaccinated.

LifeLabs operates under a distributed workforce model, where employee flexibility is a key priority. Further information will be provided during the interview process on what this means for employees.
