SOC Cybersecurity Analyst (L3)

Company Description

Wepoint is the architect of major transformations for businesses and public sector organizations.

We support our clients from strategy through technological implementation, always striving to think beyond the obvious and to act within the framework of Economic, Social, Environmental, and Technological Responsibility (RESET). Our goal is to create new ways of working, new economic models, and smarter environments.

In nearly 20 years, we have become one of the key players in digital transformation, employing 3,500 people across Europe, Tunisia, North America, and the Asia-Pacific region.

What We Are Looking For

COURAGE – AUTHENTICITY – OPENNESS – COMMITMENT – ELEGANCE

Do these words resonate with you? They are our company values.

At Wepoint, we are looking for committed talents who are ready to share their expertise within open and collaborative teams, and who are not afraid to take initiative. We also value people who are able to challenge themselves and continuously improve.

At the heart of relationships at Wepoint are authenticity and the constant pursuit of excellence for our clients — this is what we expect from our future colleagues.

Job description

The L3 Production Cybersecurity Analyst position will provide security expertise to the 24/7 Security Operations Center (SOC). The main objective of this position is to contribute to the coordination and reporting of cyber incidents affecting the bank's critical assets by detecting, preventing, and responding to cyber threats targeting our group's infrastructure. This role provides essential support to the company-wide cybersecurity program through regional partnerships with our various business lines and, externally, with our customers, partners, and regulators.

As a Cybersecurity Analyst, you are not only responsible for real-time monitoring, analysis, and resolution of identified security incidents, but also for the development and continuous improvement of the capabilities of the 24/7 SOC, the first line of defense for identifying potential information security incidents.

Responsibilities

• Provide analysis and monitoring of security log trends from numerous heterogeneous security devices;

• Be responsible for the development and validation of use cases;

• Provide incident response (IR) support or escalate when analysis confirms an actionable incident. Provide threat and vulnerability analysis and security consulting services;

• Develop a threat hunting program and capabilities;

• Analyze and respond to previously undisclosed software and hardware vulnerabilities;

• Investigate, document, and report on information security issues and emerging trends;

• Conduct threat hunting activities to identify potential adversaries present in the network;

• Perform analysis on compromised systems to identify the extent and nature of the compromise and provide remediation recommendations;

• Provide support and/or conduct research for any security-related questions or incidents;

• Perform tasks independently with a certain level of supervision;

• Integrate and share information with other analysts and teams;

• Monitor internal bank sources that may indicate security incidents, health alerts from monitored solutions, and requests for information (real-time channels or dashboards, periodic reports, email inboxes, helpdesk or other ticketing systems, phone calls, chat sessions);

• Follow incident-specific procedures to triage potential incidents, validate and determine necessary mitigation measures, and keep these procedures up to date;

• Escalate potential security incidents to Level IV engineers, implement countermeasures where appropriate, and recommend operational improvements;

• Maintain accurate incident notes in the case management system;

• Maintain in-depth knowledge of the bank's technology architecture, known weaknesses, the architecture of security solutions used for monitoring, imminent and general threats identified by customer threat intelligence, and recent incidents;

• Continuously improve the service by identifying and correcting gaps (analysis procedures, playbooks, client network models), adjusting false positives, and identifying and recommending new tools, content, countermeasures, or scripts;

• Serve as a recognized expert in at least one security-related field (e.g., a specific anti-malware solution, Python programming, etc.);

• Actively seek professional development through continuous learning and aim to progress to the Analyst IV level.

• Comply with internal operational security rules and other policies.

• Carry out small ad hoc tasks/projects that may be assigned to you.

Qualifications

• Knowledge or 3-5 years of experience with the following technologies: SIEM, ELK, IDS/IPS, network and host firewalls, data leak prevention (DLP);

• Direct experience with antivirus software, endpoint detection and response (EDR) solutions, firewalls, and content filtering;

• Demonstrable experience or knowledge in incident response, log analysis, and PCAP file analysis;

• Good knowledge of network fundamentals, e.g., OSI model, TCP/IP, DNS, HTTP(S), SMTP;

• Good understanding of threat actors' methods of attack against a network: phishing, port scans, web application attacks, DDoS, lateral movement;

• Knowledge of Windows and/or Linux operating systems and investigation methods to detect signs of compromise;

• Motivation to learn and contribute to the team's ongoing development;

• Recommended certifications: GCFA, GCIH, OSCP, or equivalent;

• Excellent communication skills in English are required as the position involves communicating with stakeholders outside Quebec.

Only candidates legally authorized to work for any employer in Canada will be considered.

Wepoint Benefits

• Minimum of 3 weeks of vacation starting from the first year;

• Comprehensive group insurance with a generous employer contribution;

• Employer contribution to a group RRSP;

• Full remote work flexibility: Hybrid, Remote, or On-site;

• A warm, bright, and welcoming office offering fresh fruit, coffee, beverages, occasional meals, etc.;

• Annual IT equipment budget;

• A balanced work environment with flexible working hours;

• Career development: training and certifications, online or in-person learning, Wepoint Academy, etc.;

• An international community of experts ready to share their knowledge;

• A company culture focused on individuals’ needs and their belonging to a strong community.

#tech&security