LifeLabs is the largest community diagnostics laboratory in Canada, serving the healthcare needs of Canadians for over 50 years. Our team members are truly centred around our customers, and we know that behind every lab requisition, sample being tested, or investment in technology is an individual and their family counting on us.
Consistently named one of Canada's Best Employers by Forbes, LifeLabs has also been recognized for having an award-winning Mental Health Program from Benefits Canada. The passion and commitment of over 6,000 diverse and innovative team members unites and motivates us to ensure our customers receive high quality tests and results that they can trust. Agile, customer-centred, caring and teamwork: we live these values every day in what we do to support our customers and healthcare providers, driving forward our vision of empowering a healthier you.
Make a difference – join the LifeLabs team today!
REPORTS TO: Manager – Security Operations
PURPOSE OF THE ROLE: The SOC/IR Specialist is an experienced Cyber Security Professional with a background in cyber security policy assessment, cyber security operations, incident response, SIEM tools, as well as creating and maintaining incident response playbooks. This role will take charge of a high performing team of other security professionals and interact with stakeholders to enhance and implement new technologies, responds to threats and incidents as needed, and collaborate on providing a strategic roadmap of future security technology.
- Evaluation of critical incidents. Review alerts, threat intelligence, and security data. Identify threats that have entered the network, and security gaps and vulnerabilities currently unknown
- Implement and manage the full SOC security tool stack as well as take ownership of and adapt incident response SOPs and playbooks
- Efficiently gather and analyze data with these tools to detect and investigate suspicious activities, contain, and prevent them. Provide insight to potential tooling changes, as needed to adapt to threats based on threat intelligence / IOCs
- Audit and compliance support. Review and provide recommendations on security policy and applications. Track performance and provide recommendations on improving metrics and KPIs. Preparing disaster recovery plans
- Review of escalated tickets that require an in-depth investigation / analysis
- Investigate, document, and report on any information security (InfoSec) issues as well as emerging trends
- Reduce downtime and ensure business continuity by proactively notifying business stakeholders about serious security events and how to potentially mitigate the posed associated risk(s)
- Coordinate with Engineering and Cyber Threat teams to optimize security operations
- Provide recommendations on ways to improve the security architecture
- Provide guidance and mentorship to junior analysts on security IR techniques, analysis, and best practice
Minimum Qualification and Skills
- 10+ years’ experience supporting cybersecurity SOC operations
- Bachelor’s degree or equivalent in Computer Science, Information Assurance, MIS or related field; Masters is a plus
- Experience and education in one or more of the following: CEH, eCPPT, OSCP, GCFW, GCIH, IHRP, CISSP
- Experience and education in one or more vendor certification programs such as LogRhythm Platform Administration (LRPA), LogRhythm Security Analyst (LRSA), LogRhythm Cloud Administration (LRCA) Certification, Security+, Network+, GSEC, Certified Systems Analyst, CISM, or ISO 27001
- SOC analysis and SIEM experience with LogRhythm. Candidate should be able to write advanced LR queries, create dashboards and reports, and be knowledgeable with SIEM administration.
- Experience in an MSSP - tiered SOC/SIEM service
- Experience with IDS/IPS technologies such as Palo Alto Firewalls. Candidate should be familiar with rules sets, monitor IDS/IPS events, and monitor IDS/IPS functional operational status.
- Advanced Experience with the Enterprise Incident Response Cycle: Preparation, Detection & Analysis, Containment and Recovery, Post Incident Analysis.