Reporting to the Lead, IT Security Architecture and Ops, the IT Technical Consultant will assist in the design, configuration and maintenance of Network Security Infrastructure. The successful candidate will work closely with the IT Security Architecture and Ops teams. As a business enabler and service provider, the IT Technical Consultant will assist in the identification of effective solutions to meet the goals of the department and recommend business and technical process redesigns which maximize efficiencies and align with operational goals for the organization.
The Incumbent is expected to behave ethically and follow the established code of business conduct, policies and internal control procedures, laws and regulations governing Toronto Hydro.
Successful candidates must possess the following competencies and will be pre-screened for those bolded, prior to the interview portion of the selection process. Competencies are listed in order of significance.
- Participate in real-time network security event monitoring and response
- Implement changes on network security devices following established change management process
- Provide second-level, detailed threat and vulnerability analysis based on data collected from network security devices such as firewalls, IPS/IDS, servers and endpoints
- Provide support for Incident Response (IR) investigation when analysis confirms an actionable incident
- Identify actionable indicators of compromise through analysis of network forensic data
- Analyze and respond to previously undisclosed software and hardware vulnerabilities
- Research and analyze events to determine classification, correlation, and root cause of problems
- Identify emerging threat tactics, techniques and procedures used by malicious cyber actors and publish actionable threat intelligence for business and technology management
- Assist with root cause analyses for events and/or incidents when underlying issues are unknown
- Applies and ensures compliance with all appropriate security standards and adherence to regulatory access management controls
- Reviews and assesses operational processes to identify opportunities for improvement related to provisioning / de-provisioning, privileged access management, authentication / authorization, etc.
- Creates and maintains accurate process documentation
- Expert working knowledge of tools & platforms such as NG FW/IPS, Snort, Suricata, netsniff-ng, Wireshark, NetworkMiner, Zeek/Bro IDS, packet capture infrastructure, Sysmon, ELK and other network security and enterprise security monitoring tools.
- Act as support for the Network Security platforms, providing advanced assistance to end users (Security Operations and IT Helpdesk) and liaising with application vendor’s support when necessary.
- Determine solutions to and remediation of issues relating to security technologies, taking ownership of incident and problem tickets and driving to resolution.
- Manage future Security solutions acquisitions including related equipment, installation, configuration, management and operational support.
- Support and resolve service tickets that relate to network security technologies that are used by the IT Security Ops team
- Follow Toronto Hydro’s ITIL processes (Problem, Request, Incident & Change Management)
- Identify areas for continuous improvement, and mature existing security solutions to maximise risk reduction and business alignment.
- Updating and management of technical documentation as required, including knowledge base articles, departmental processes and standard procedures
- Any other required activities within the scope of this role
- Post-secondary Degree/Diploma (University or College)
- Minimum 5 years’ experience in Information Technology (IPS/IDS, Next Gen Firewalls, VPN, WAF)
- Relevant certifications (e.g. CISSP or CCNP) will be an asset
- Experience (working knowledge and troubleshooting) with IPAM (DNS, DHCP)
- Threat hunting capabilities, including but not limited to, Network Capture and traffic analysis, IDS/IPS functionality, log review and analysis and correlation of events in SIEM
- Nice to have: experience implementing and managing a WAF solution
- Ability to work in a team environment
- Excellent written and verbal communication skills
- Ensures measures are in place to track achievements
- Innovation and creative problem solving
- Effective approach to risk management
- Strong analytical and troubleshooting skills