Welcome to SITA... We lead one of the most exciting and advanced industries on earth. Around the world, nearly every passenger flight relies on SITA technology, almost every airport and airline does business with us, and it’s our job to support their operations. As the world's leading air transport IT and communications specialist, we’re committed to meeting the demands of the air transport industry around the clock, every day.
Our Vision: Easy air travel every step of the way
WHY SHOULD YOU BE INTERESTED?
With us there are no limits for people looking to explore the edges of possibility and beyond. Together, we Go.Far.
Challenge: Our people take on some of the biggest challenges in our industry. They aren't afraid to think bigger, work harder and deliver smarter solutions that are continuously transforming air travel.
Opportunity: Taking on these challenges opens up a world of opportunities for our people. We make sure they have the chance to develop their skills, explore new horizons and grow their careers on a global scale.
At SITA we believe that creating and nurturing an inclusive culture is about who we are as an organisation, and as an employer. Diversity is more than a target to us; it's a key part of our collective identity and values.
Benefits in Canada
- Competitive medical, dental, and vision plans
- RRSPs with company matching contributions
- Life and disability insurance
- Incentive-based wellness program
- Stand-by Buddy Pass travel
To lead the development and maintenance of information security handling solutions and processes. The successful candidate will directly interact with business stakeholders on the topic of information security incident response.
The Team Lead - Security Analysts will work within the Security Operations Center (SOC) on identifying, analyzing, evaluating the risk of, and acting upon security threats across a complex and dispersed IT estate.
Analysts will carry out the threat analysis and handling process to ensure the efficient and timely mitigation of security threats, as well as understanding the risks and potential business impacts of both the threats and the mitigation measures. By leveraging the SIEM and the current security toolset, the SOC team members are expected to investigate security issues and conduct root cause analysis, as well as resolving or escalating security incidents. Their responsibilities also involve communicating the agreed action plan and following up with the resolver groups, clients and production teams.
The Security Operations Center is a 24/7/365 operation and the analysts might be required to work shift patterns.
Your role will involve:
- Monitoring security log sources and alerts from the SIEM and other threat detection systems for threat activity; interpreting, analyzing and making recommendations for resolution.
- Hunting potential internal and external threats and developing detection mechanisms and reports.
- Handling security incidents in line with the incident response processes.
- Assuring prompt and adequate follow-up on priority action items with resolver groups.
- Producing security incident reports and recommendations.
- Following, maintaining and helping in the evolution of the SOC processes and procedures, including use cases, SOPs, etc.
- Working with resolver groups to evaluate and recommend new security practices and solutions.
- Providing security advice and promoting security awareness to other IT teams and clients.
- Working actively on improving our threat detection and team efficiency by acting on noise and false positives.
- Helping in the production of threat intelligence and IoCs by leveraging threat information from past incidents, sandbox reports, malware reversing and digital forensics.
Experience, Knowledge and Skills:
We would like it if you have the below qualifications:
- Significant experience working within a mature SOC organization or as a security threat analyst in an equivalent security environment.
- Experience in leading SOC technical resources.
- Strong experience with SIEM technologies, endpoint protection, IDS and other security technologies (preferably the Elasticsearch / ELK solution stack).
- High level of analytical and problem-solving skills.
- Experience in information technology with Windows servers, Linux or networking.
- Excellent understanding of system and application logs from a variety of platforms, from firewalls and domain controllers to IDS, etc.
- Technical expertise in multiple security technologies is a must, as is extensive security incident handling experience.
- Good knowledge of threat intelligence data, IoCs, threat actors, the kill chain, STIX/TAXII, etc.
- Experience in the pen testing/ethical hacking field is a plus.
- Functional skills with regex, IDS signatures, SPL and SQL are a plus.
- Skills in network analysis, sandboxing, malware reversing or forensics are an asset.
- Experience with IT compliance assessments (ISO 27k etc.).
- Proven knowledge of SIEMs and log collection systems (McAfee, ArcSight, Splunk, Elastic, AlienVault, QRadar).
If you apply, we will carefully review your fit against the position criteria and give you feedback. If your profile does not meet the criteria, we will retain your profile as an active applicant for future consideration. If you need direct support, you can contact me at firstname.lastname@example.org. Thanks for your interest in SITA.
- Has successfully completed a bachelor's degree in Computer Science, Computer Engineering or Information Technology, or can demonstrate equivalent work experience in a network security profession.
- Certified Information Systems Security Professional (CISSP).
- Global Information Assurance Certifications (GIAC) e.g. Certified Incident Handler (GCIH), Certified Intrusion Analyst (GCIA), Certified Enterprise Defender (GCED) or other relevant GIAC certifications.