Oracle • Kitchener, ON N2A 0A1
Job #2695006805
Job Description
The Senior Security Incident Response Analyst is tasked with monitoring our security tools, investigating escalated notable events, and executing our processes. This role will also be responsible for supplying the SOC security tools and detection roadmaps and for collaborating with the SOC Management team and external teams on key initiatives.
This opportunity requires a few days a week in the Kitchener, Ontario office with Sec Ops peers.
Career Level - IC3
Responsibilities
Performing investigation of escalated notable events
Initial collection of evidence related to escalated security events
Collection of evidence related to compliance audits
Validation and regular review of processes and procedures
Identification of, and follow-up on, false positives
Process initial mitigation and containment procedures
Create and maintain reporting related to security events
Coordinate with service and operations teams to validate security events and anomalous activity
Resolve and report on possible causes of security events and alerts
Operate security tools for continual monitoring and analysis of system/network activity to identify malicious activity
Assist in the construction of security alerts and processes based on knowledge gained from daily monitoring and triage
Advise designated managers, and responders of suspected cyber incidents including the event's history, status, and potential impact
Monitor external data sources to maintain baseline knowledge of threat conditions
Recognize a possible security violation and take appropriate action to raise the incident, as required
Knowledge
Solid grasp of:
Computer networking concepts and protocols, and network security methodologies
Host/network access control mechanisms
Intrusion detection methodologies and techniques
How traffic flows across the network (TCP/IP, OSI, ITIL)
System and application security threats and vulnerabilities
Types of network communications (LAN, WAN, MAN, etc)
File extensions (.zip, .sh, .pcap, .bat, .dll, .py, etc)
Interpreted and compiled computer languages
Common attack vectors
Attack classes (passive, active, insider, distributed, etc)
Incident response and handling methodologies
Authentication, authorization, and access control methods
Information technology (IT) security principles and methods
Network traffic analysis methods
Operating systems
Cyber attackers
Defense-in-depth principles
System administration, network, and operating system hardening techniques
Cyber attack stages
Network security architecture concepts
Windows/Unix ports and services
Operating system command-line tools
Network protocols
Working knowledge of cyber threats and vulnerabilities
Understanding security events related to:
Operating system (Linux and Windows) logs
Database logs
VPN logs
Knowledge of adversarial tactics, techniques, and procedures
Understanding the use of the following:
Network tools (ping, traceroute, nmap, etc)
Host-based tools (Tanium, basic Linux and Windows native tools)
SIEM (Splunk, ELK, Lumberjack, Splunk Enterprise Security, etc)
Understanding of cybersecurity and privacy principles and related organizational requirements
Skills
Detecting host and network-based intrusions via intrusion detection technologies
Using protocol analyzers
Recognizing and categorizing types of vulnerabilities and associated attacks
Reading and interpreting signatures
Conducting trend analysis
Evaluating information for reliability, validity, and relevance
Identifying cyber threats that may jeopardize the organization and/or partner interests
Preparing and presenting briefings
Providing analysis to aid in writing phased after-action reports
Using Boolean operators to construct simple and sophisticated queries
Using multiple analytic tools, databases, and techniques
Using multiple search engines (e.g., Google, Yahoo, LexisNexis, DataStar) and tools in conducting open-source searches
Using virtual collaborative workspaces and/or tools (Zoom, JIRA, Confluence, Oradocs, Slack, etc)
Performing packet-level analysis
Using a SIEM to detect, research, and perform initial triage of security events
Exercising good judgment in escalating security events
Abilities
Think critically
Ability to think like threat actors
Apply techniques for detecting host and network-based intrusions using intrusion detection technologies
Interpret the information collected by network tools
Recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists
Effectively collaborate with virtual and remote teams
Evaluate information for reliability, validity, and relevance
Exercise judgment when policies are not well-defined
Function reliably in a dynamic, fast-paced environment
Function in a collaborative environment, seeking continuous consultation with other analysts and mentors, both internal and external to the organization, to demonstrate analytical and technical expertise
Recognize and mitigate cognitive biases that may affect analysis.
Other Requirements and Expectations
Other tasks and duties as assigned
Work effectively within a remote team including effective, constant, and collaborative communication with all members of the NSGBU SOC
Range and benefit information provided in this posting are specific to the stated locations only
Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle's differing products, industries and lines of business.
Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.
About Us
As a world leader in cloud solutions, Oracle uses tomorrow's technology to tackle today's problems. True innovation starts with diverse perspectives and various abilities and backgrounds.
When everyone's voice is heard, we're inspired to go beyond what's been done before. It's why we're committed to expanding our inclusive workforce that promotes diverse insights and perspectives.
We've partnered with industry leaders in almost every sector, and continue to thrive after 40+ years of change by operating with integrity.
Oracle careers open the door to global opportunities where work-life balance flourishes. We offer a highly competitive suite of employee benefits designed on the principles of parity and consistency. We put our people first with flexible medical, life insurance and retirement options. We also encourage employees to give back to their communities through our volunteer programs.
We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by calling +~~~, option one.
Disclaimer:
Oracle is an Equal Employment Opportunity Employer*. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.
* Which includes being a United States Affirmative Action Employer