Incident Management Specialist

On-site
  • Ottawa, Ontario, Canada
CA$100 - CA$140 per hour

Job description

Our government client, the Communications Security Establishment, requires the services of an incident management specialist. The Incident Management Specialist will be responsible for a range of activities over the next four-year timeframe.

These activities can include:

1. Aggregating, sanitizing, contextualizing and analyzing logs from the following sources:
   a) Intrusion Detection Systems,
   b) Firewalls,
   c) End User Devices,
   d) Diodes,
   e) CDS Guards;
   and providing written reports on any relevant findings made during the collection and analysis.
2. Conducting threat hunting activities on network and system resources, and providing written reports on any threats found on the IT infrastructure.
3. Developing signatures for intrusion detection tools.
4. Configuring hosts and network appliances to forward logs to log aggregators.
5. Configuring audit logging on Linux and Windows hosts and on network appliances.
6. Installing and configuring log aggregators with scripted data filtering.
7. Installing and configuring full packet capture devices.
8. Installing and configuring network intrusion detection systems.
9. Developing Security Information and Event Management (SIEM) dashboards.
10. Developing Information Security Incident Handling (ISIH) procedures for the Government of Canada.
11. Preparing and/or delivering IT security threat, vulnerability and/or risk briefings.
12. Developing course material related to IT system monitoring, including slides, course notes, practice exercises, and lab exercises.
13. Delivering the developed training material to internal staff.
14. Reviewing technical documents provided by the Technical Authority (TA) and providing advice to align those documents with best practices.

Job requirements

Must have one of the following certifications:

  • GIAC Continuous Monitoring Certification (GMON)
  • GIAC Certified Enterprise Defender (GCED)
  • GIAC Certified Detection Analyst (GCDA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Defending Advanced Threats (GDAT)
  • CertNexus Certified First Responder (CFR)
  • Elastic Certified Analyst
  • Elastic Certified Observability Engineer
  • Splunk Core Certified Advanced Power User
  • Splunk Enterprise Certified Administrator
  • Red Hat Certified Engineer (RHCE)
  • Cisco Certified CyberOps Associate
  • Cisco Certified Network Professional Security (CCNP Security)
  • CompTIA Cybersecurity Analyst (CySA+)
  • EC-Council Certified Network Defender (CND)
  • EC-Council Certified SOC Analyst (CSA)

Must have:
  • 2 years of experience within the previous 5 years monitoring Linux systems
  • 2 years of experience within the previous 8 years providing network monitoring for a classified system
  • 2 years of experience within the previous 8 years monitoring systems built to a specific reference architecture; list the reference architecture that was applied (NIST SP 800-53, ITSG-33, NSA CSfC, NCDSMO CDS Design and Implementation Requirements)
  • 2 years of experience within the previous 8 years deploying, configuring, and supporting Splunk Enterprise or the Elastic Stack in a production environment


or