CGI Global SOC Level 2 Analyst

Category: Cyber Security Consulting
City: Multiple locations, Uusimaa, Finland
Position ID: J1118-0015
Employment Type: Full Time

Position Description

The Advanced Threat Management L2 Analyst works as a part of the Global Advanced Threat Management Office (ATMO) which conducts cyber research, threat hunting, incident response, forensics analysis, red team operations, malware reverse engineering and innovations.

Our ideal candidate should be able to demonstrate a thorough understanding of Cyber security and in-depth knowledge and experience around computer networking fundamentals, modern threats and vulnerabilities, attack methodologies, threat actors and forensics methodologies and tools. The candidate shall keep up to date on any advanced cyber concepts.

The ATMO is CGI’s global corporate multi-disciplinary team of highly skilled experts across various geographies, whose primary objective is to manage advanced cyber security threats.

This is a Finland-based position and only available for Finnish nationals. Work can be performed from any suitable CGI office in Finland with limited travel.

The ATMO L2 Analyst will directly report to the ATMO Blue Team/Operations Director in the UK.

Key Requirements

Level 2 Analysts are expected to have all the following competencies:
• The ability to operate CGI bespoke tooling, including:
o Monitoring for alerts
o Investigating alerts
• The ability to complete a security investigation based on prescribed steps
• The ability to operate in CGI’s ITSM Remedy system:
o Open, search and manage incident tickets
• Knowledge of IT Service Management with specific emphasis on Incident Management
• Knowledge of networking and the ability to utilize that knowledge in an investigation. Key concepts include, but are not limited to:
o Source and destination IP addresses
o NAT and ports
o TCP versus UDP
• Knowledge of the Windows and Linux operating systems, including but not limited to:
o Awareness of event logs and event log IDs
o Patch management
• Awareness of CGI’s IT Operations
o High-level organizational structure and organization unit purpose and responsibilities
• Awareness of vulnerability management and CVE numbers
• Awareness of common security products such as: NIDS/NIPS, HIDS/HIPS, WIDS, Endpoint Security, Advanced Threat Protection
• Awareness of, and limited ability to utilize, common web-based 3rd party tools such as VirusTotal and MXToolbox
• The ability to complete a security investigation to the required standards of the GSOC as defined within GSOC playbooks and operational documentation.
• The ability to operate and perform security investigations by:
o Accessing CGI’s security platform consoles to gather additional data.
o Direct log file gathering from devices as defined in GSOC processes and playbooks.
• The ability to analyse log files
• The ability to update security investigation documentation such as Triage Steps and Playbooks
• Intermediate to advanced level skill in at least one of the following:
o Networking
o Windows OS
o Linux OS
• Communication skills suited to mentoring: clear and effective communication, both written and oral
• The ability to operate with limited supervision, including the capability to prioritize, identify areas for improvement and initiate those improvements
• Awareness of security related industry standards and best practices

Required qualifications to be successful in this role

The candidate must have some of the following:

• Understanding of networking fundamentals (all OSI layers, protocols, etc.)
• Understanding of Windows/Linux/Unix operating systems.
• Understanding of Incident Response methodologies and tools.
• Understanding of operating system and software vulnerabilities and exploitation techniques.
• SIEM experience (e.g. ArcSight, Splunk, LogPoint)
• Host analysis experience with forensics/EDR tools (EnCase, FireEye, Carbon Black, RSA ECAT, CrowdStrike, Endgame)
• Network analysis experience with network sensors (FireEye, Cisco, Fortinet, Trend Micro)
• Malware Analysis (Static Analysis or Dynamic Analysis of captured file, Reverse Engineering)
• Experience of utilising threat intelligence sources
• Penetration testing experience
• Ability to deliver high quality reporting on technical issues identified and to provide remediation guidelines.
• Scripting languages: Python, Bash, PowerShell
• User investigations, behavioural analysis technology and/or processes

Desirables:

• A degree in IT Security, Engineering or a technology-related field is a major plus.
• Knowledge of malware packing, obfuscation, persistence, exfiltration techniques.
• Experience with tools: IDA Pro, radare2, OllyDbg, WinDBG.
• Experience using other big data analysis platforms and the development of advanced queries used to interrogate big data sources.
• Experience with Machine Learning & Artificial Intelligence

What you can expect from us

Build your career with us.

It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.

At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.

Be part of building one of the largest independent technology and business services firms in the world.

Learn more about CGI at www.cgi.com.

No unsolicited agency referrals please.

CGI is an equal opportunity employer.