Specialist, Cyber Security & Investigations

Permanent - Full Time

We generate more than just power for the people of Saskatchewan. We also offer some of the best jobs in the province. Our challenging careers will help you grow, while being surrounded by a team committed to safety, openness, collaboration and accountability. We offer highly competitive salaries and benefits packages to our employees. If you’re someone who thrives in a team environment and doesn’t shy away from a good challenge, join us!

Apply no later than 05/28/2025 to be considered for this opportunity.

This position falls within the requirement for Personnel Risk Assessment to meet compliance requirements of NERC-CIP (North American Electric Reliability Corporation Critical Infrastructure Protection). A Criminal Record Check must be valid and/or completed prior to being appointed to this position and then on a recurring basis every seven (7) years.

JOB SUMMARY:

SaskPower is seeking an individual experienced in security analysis and incident response to support daily operations and help grow and mature our Enterprise Security team. This office position is located in Regina, Saskatchewan.

As a Cyber Security Specialist you are a continuous learner, who will be responsible for evolving new detection methodologies, participating in threat actor investigations, and providing expert support to incident response and Security Orchestration, Automation and Response (SOAR) monitoring functions. The focus of the Cyber Security Specialist is to detect, disrupt, and eradicate cyber security threats. The position uses data analysis, threat intelligence, and cutting-edge Cloud and on-premise security technologies. As a member of a team, you will support the Enterprise Security team by applying analytic and technical skills to investigate intrusions, identify malicious activity across Cloud, email, network, and endpoint environments, and perform incident response.


KEY ACCOUNTABILITIES:



-General SIEM/SOAR monitoring, analysis, response to various types of cyber security alerts/incidents.
-Experience in building custom detection logic and automating response workflows within SOAR platforms.
-Conduct analysis of network traffic and host activity across a wide array of technologies and platforms
-Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
-Compile approved detailed investigation and analysis reports for business, and delivery to management
-Maintain knowledge of various threat actors and associated tactics, techniques, and procedures (TTPs).
-Analyze network traffic, IDS/IPS/DLP events, packet capture, and FW logs.
-Analyze malicious campaigns and evaluate effectiveness of security technologies.
-Develop advanced queries and alerts to detect adversary actions. Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed.
-Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies.
-Lead response and investigation efforts into advanced/targeted attacks, including email threats/campaigns.
-Provide expert analytic investigative support of large scale and complex security incidents.

KNOWLEDGE/SKILLS/ABILITIES:

-5+ years of relevant and documented cyber security experience in IT Security, Incident Response, email and network security.
-Considerable experience with the incident response process, including detecting advanced adversaries using Splunk and/or Azure / Microsoft Security tools.
-Strong analytical and investigation skills & active threat hunting and adversary tracking.
-Working knowledge of security architectures, devices and threat intelligence consumption and management within Cloud, network, email and endpoint.
-Working knowledge of root causes of malware infections and proactive mitigation.
-Working knowledge of lateral movement, footholds, and data exfiltration techniques.
-Track record of creative problem solving, and the desire to create and build new processes.
-Experience with packet flow, TCP/UDP traffic, firewall technologies, IPS technologies, proxy technologies, and Active Directory.
-Knowledge of the underlying logic that security alerts are built upon and apply them when analyzing raw logs and creating new dashboards and alerts.
-Knowledge of typical behaviors of both malware and threat actors and how common protocols and applications work at the network level, including DNS, HTTP, and SMB.
-Strong time management and multitasking skills as well as attention to detail as well as strong collaborative skills and proven ability to work in a diverse team of cyber security professionals.

DESIRED EXPERIENCE:


-Experience with one or more languages (e.g., Python, Kusto Query Language, Splunk – SPL, PowerShell, Jupyter Notebook, Rest API)
-Demonstrated knowledge of the Splunk search language, search techniques, alerts, EDR platforms, dashboards and report building.
-Demonstrated experience in Digital Forensics
-Deep understanding of Microsoft Exchange configuration
-Experience with Netflow or PCAP analysis.
-Experience with computer exploitation methodologies
-Familiarity with regulatory and compliance requirements such as NIST, CIS Controls, or ISO 27001 is an asset.
-Relevant Microsoft Security certifications
-CISSP, CISM or a GIAC certification is preferred


Candidates under consideration may be required to participate in an assessment process consisting of any/all of the following: interview, abilities test, case study and/or presentation.

At SaskPower, we believe in the importance of diversity and inclusion. We’re dedicated to creating and cultivating an inclusive workplace and a workforce that represents the communities we serve.
We acknowledge and recognize equity groups designated by the Canadian Employment Equity Act. These include:

• Indigenous Peoples
• members of Visible Minority Groups
• persons with disabilities
• women
• LGBTQ2S+ community
• persons who served and are serving in the military
• newcomers to Saskatchewan

We base our selection process on merit and encourage all diverse groups to participate fully.

As part of our ongoing commitment to reconciliation, we prioritize hiring Indigenous Peoples as we recognize and respect their knowledge and experience. We acknowledge the barriers that affect equity groups, and we’re committed to addressing, mitigating and accommodating these barriers to strive for equity in the workplace. Learn more at Commitment to Diversity.

Follow us on LinkedIn to stay up to date on our latest job openings.

Please apply by 05/28/2025.