Cyber Security & Forensic Specialist
Reporting to the Cybersecurity Senior Director, the Cyber & Forensic Security Specialist is responsible for overseeing the forensic practice, providing investigation assistance, performing forensic acquisitions, and supporting the technical and tactical threat intelligence tasks as well as the Red Team and threat hunting tasks within the Global Security group of SNC-Lavalin.
The incumbent will be required to get a Security Clearance in order to work on specific mandates.
- Oversee the forensic practice
- Manage the e-Discovery platform (Relativity)
- Perform forensic acquisitions
- Based on analysis of OpenSource Intelligence, private sources, internal security events and incidents, extract relevant and actionable intelligence that will then be used to:
  - inform management and provide recommendations to mitigate active cyber threats;
  - enrich risk models;
  - scope red teaming and threat hunting processes;
  - share relevant intelligence internally, with peers or industry partners.
- Based on analysis provided by threat intelligence processes:
  - Perform Red Team exercises simulating the techniques, tools and procedures used by the identified threat actors, then provide recommendations to mitigate the weaknesses identified;
  - Perform threat hunting exercises to detect threats that evaded security mechanisms;
  - Document the findings.
- Collaborate with other members of Global Security to improve internal tools used by the group;
- Help advise the management on threats relevant to our business and provide recommendations on how to mitigate them;
- Actively participate in the Data Protection program by conducting Risk Analysis on systems/processes that handle classified information;
- Participate in the definition of the various Cyber Security policies, norms and awareness training;
- Participate in an internal working group on Industrial Control System Security;
- Provide support to other functions of the group such as investigation, forensics and technical surveillance countermeasures.
- Bachelor's degree in Computer Science, Computer Engineering, Software Engineering or any other equivalent degree
- Experience in Relativity (or another eDiscovery tool)
- Cyber Security Certifications such as OSCP, a strong asset
- At least 10 years of experience in the IT field, including a minimum of 5 years’ experience in at least three of the following domains:
  - Software Development
  - Working in a Security Operations Centre (SOC) or in a Computer Emergency Response Team
  - Penetration testing
  - Application security
  - Computer Forensics
  - Malware Reverse Engineering
  - Threat Intelligence
  - Security Architecture
  - Telecom and Network security
  - System or Network administration in a complex multi-national network
- Experience working for a multinational corporation is an asset
- Knowledge of threat sharing tools (MISP, Soltra etc.) and protocols is an asset
- Good knowledge of application, network and operating system security
- Hands-on experience in programming, an important asset
- Hands-on experience in the assessment of compromised Windows endpoints, an asset
- Strong knowledge of offensive tools and techniques
- Ability to develop, modify and adapt security tools, POCs, exploits to fit specific use cases
- Knowledge in cyber security operations, event monitoring and SIEM
- Good knowledge of exploitation of, or detection of threats in, Active Directory environments, an asset
- Knowledge of Linux, an asset
- Strong French and English oral and written communication skills, including communications to technical and to non-technical audiences; knowledge of additional languages, an asset
- Strong analytical and problem-solving skills
- Ability to work independently, to handle multiple parallel tasks and to adapt to the continuously evolving cyber security field.