Analyst I, Cyber Threat and Vulnerability Management (Perm)

$47.73 - $56.27 hourly
  • Toronto District School Board
  • Hybrid (1 Civic Centre Court, Toronto, ON, Canada)
  • Sep 17, 2024
Full-Time Administrative Support IT

Job Description

No.: CUPE C-24-0158UE

POSTED: September 17, 2024

DEADLINE: 4:30 p.m. October 11, 2024

Analyst I, Cyber Threat and Vulnerability Management

1 – Permanent Position

Information Technology Services

CUPE Local 4400 Unit C - Grade O (12 Month)

$47.73 – $56.27 per hour

The Toronto District School Board adheres to equitable hiring, employment and promotion practices.

Reporting to the Senior Analyst, IT Security Threat Management, the Analyst I, Cyber Threat and Vulnerability Management will assist the Senior Analyst in ensuring that the Cyber Threat and Vulnerability Management functions are managed and carried out.

The Analyst I, Cyber Threat and Vulnerability Management will ensure that cyber threats and vulnerabilities are managed in accordance with the TDSB security and risk tolerance, including the functions that ensure the safety and security of users along with the availability, confidentiality and integrity of the technology assets and the data they contain.

Summary of Duties:

• Perform Cyber Threat and Vulnerability Management tasks in accordance with established programs and as directed by the Senior Analyst;

• Conduct regular reviews of Indicators of Attack (IoAs) and Indicators of Compromise (IoCs) derived from all available sources (e.g., SIEM, NGFW, logs from systems and security tools) to assess real and material threats and vulnerabilities;

• Perform ethical hacking activities at the direction of management, as well as programming and related scripting duties;

• Tune the SIEM to recognize real and actionable threats from the security information and events collected;

• Create playbooks to automate the response to actionable threats and link them to risk objects;

• Optimize the collection, processing and analysis parameters to improve the efficiency of the SIEM;

• Create new rules and evolve existing rules in the SIEM to accommodate new and evolving threats;

• Collaborate with and support other IT units to assess, neutralize and reconcile threats and vulnerabilities, and report deviations;

• Perform proactive threat hunting in a systematic and iterative manner throughout the environment to detect and isolate threats;

• Perform threat-based risk assessments on systems and services and on the effectiveness of controls;

• Assess the impact of threats and vulnerabilities discovered, identified or obtained through subscribed feeds, and recommend appropriate actions to reduce exposure and ensure risks remain within tolerance levels;

• Review, develop and report on appropriate metrics for the Threat/Vulnerability Management solutions, performance, exceptions and compliance, and ensure continuous improvement of such metrics and their effects;

• Track and report threat and vulnerability mitigation efforts;

• Develop and document guidelines, processes and procedures for review and approval, and implement approved procedures to secure the IT environment;

• Liaise between departments to develop and implement approved security standards and guidelines;

• Raise awareness of good security practices at all levels of the organization and perform security awareness and learning duties as directed;

• Analyze and define training requirements for staff in security matters related to Cyber Threat and Vulnerability Management;

• Analyze and help define appropriate controls to manage cyber risks, for approval;

• Identify controls that require changing or adding based on changes to the IT environment;

• Maintain broad awareness of threat and vulnerability trends, including changes to legislation and regulatory frameworks;

• Advise on security practices for all IT projects as required;

• Other related duties as assigned.


Qualifications:

• University Degree in Computer Science or a related field with three years of progressive working experience in IT security/threat management within an Information Technology environment, or an equivalent combination of education and experience;

• Training and/or technical certification in Global Information Assurance in the following areas: Security Essentials, Information Security Fundamentals, Threat Hunting, Penetration Testing, Intrusion Analysis, Forensic Analysis, Perimeter Defense, Enterprise Defense, System and Network Auditing;

• Experience in monitoring the threat landscape, mapping potentially applicable threats, and ethical hacking methodologies and tools;

• Experience with application security, and programming/scripting skills using Python, PowerShell and other programming languages;

• Experience in vulnerability assessment of endpoints, switches, routers, gateways, servers, storage, storage area networks, firewalls, applications, web services, cloud services, etc.;

• Experience using Splunk SIEM technologies (Splunk Enterprise Security administration and management), O365 security technologies, and endpoint detection and response (EDR) technologies;

• Experience with Azure technologies and security products;

• Experience with Google Cloud and its security technologies, including email security;

• Maintain currency of knowledge on current and emerging security trends, including but not limited to cloud-based services, IoT, etc.;

• Demonstrated ability to understand the implications of legislation, insurance and regulatory frameworks;

• Understanding of IT information, process, system and technology architectures and models;

• Good oral, written, interpersonal and organizational skills;

• Strong analytical, reasoning and problem-solving skills;

• Demonstrated ability to handle matters requiring high levels of diplomacy, sensitivity and confidentiality;

• Proven ability to work under pressure and consistently meet deadlines; and

• Project management and time management skills.


Asset:

• CISSP certification

• Ethical hacking certifications (e.g., OSCP, CEH), Splunk SIEM certifications, and Azure security technology certifications


Special Requirements:

• Must provide own vehicle for Board business to travel to designated sites;

• Ability to stand/walk for extended periods; and

• Ability to lift boxes and cooking equipment (e.g. pots and pans) and supplies etc. (up to 50 pounds).


Location: 1 Civic Centre Court (Wheelchair Accessible) (Hybrid Work Eligible)

Hours: 35 hours per week

Work Year: 12 months


Please note:

Applications must be submitted:

1. In résumé form with a covering letter to: Application.Submission@tdsb.on.ca

2. With competition # CUPE C-24-0158UE in the subject line

3. No later than 4:30 pm on October 11, 2024.

Only applicants selected for an interview will be contacted. Applications will not be acknowledged in writing.

We strive to meet the accommodation needs of persons with disabilities. Applicants are encouraged to make their needs for accommodation known in advance during the hiring process.

The TDSB follows a hybrid work structure where some employees may be able to work remotely at times, based on operational requirements. Please refer to Policy P103, Flexible Working Arrangements, for more information.

Job Reference #

CUPE C-24-0158UE
