SOC Cybersecurity Analyst (L3)

Wepoint est l’architecte des grandes transformations des entreprises et des acteurs publics.

Nous accompagnons nos clients de la stratégie à la mise en œuvre technologique, en nous attachant toujours à penser au-delà des évidences et à s’inscrire dans des logiques de Responsabilité Économique, Sociale, Environnementale et Technologique (RESET), pour créer de nouvelles façons de travailler, de nouveaux modèles économiques et de nouveaux lieux intelligents.

En près de 20 ans, nous sommes devenus l’un des acteurs majeurs de la transformation numérique et employons 3 500 collaborateurs en Europe, en Tunisie et en Amérique du Nord ainsi qu’en Asie Pacifique.

COURAGE - AUTHENTICITÉ - OUVERTURE - ENGAGEMENT - ÉLÉGANCE

Autant de valeurs qui rejoignent les collaborateurs de Wepoint.

Nous travaillons avec des talents engagés, prêts à partager leurs expertises dans des collectifs ouverts, qui ont le courage de prendre des initiatives et capables de se remettre en question.

Au cœur des relations humaines et du respect de notre environnement, chez Wepoint, se trouvent l’authenticité et la volonté de toujours tendre vers l’excellence pour nos clients.

The L3 Production Cybersecurity Analyst position will provide security expertise to the 24/7 Security Operations Center (SOC). The main objective of this position is to contribute to the coordination and reporting of cyber incidents affecting the bank's critical assets by detecting, preventing, and responding to cyber threats targeting our group's infrastructure. This role provides essential support to the company-wide cybersecurity program through regional partnerships with our various business lines and, externally, with our customers, partners, and regulators.

As a Cybersecurity Analyst, you are not only responsible for real-time monitoring, analysis, and resolution of identified security incidents, but also for the development and continuous improvement of the capabilities of the 24/7 SOC, the first line of defense for identifying potential information security incidents.

• Provide analysis and monitoring of security log trends from numerous heterogeneous security devices;
• Be responsible for the development and validation of use cases;
• Provide incident response (IR) support or elevate when analysis confirms an actionable incident. Provide threat and vulnerability analysis and security consulting services;
• Develop a threat hunting program and capabilities;
• Analyze and respond to previously undisclosed software and hardware vulnerabilities;
• Investigate, document, and report on information security issues and emerging trends;
• Conduct threat hunting activities to identify potential adversaries present in the network;
• Perform analysis on compromised systems to identify the extent and nature of the compromise and provide remediation recommendations;
• Provide support and/or conduct research for any security-related questions or incidents;
• Perform tasks independently with a certain level of supervision;
• Integrate and share information with other analysts and teams;
• Monitor internal bank sources that may indicate security incidents, health alerts from monitored solutions, and requests for information (real-time channels or dashboards, periodic reports, email inboxes, helpdesk or other ticketing systems, phone calls, chat sessions);
• Follow incident-specific procedures to triage potential incidents, validate and determine necessary mitigation measures, and keep these procedures up to date;
• Escalate potential security incidents to Level IV engineers, implement countermeasures where appropriate, and recommend operational improvements;
• Maintain accurate incident notes in the case management system;
• Maintain in-depth knowledge of the bank's technology architecture, known weaknesses, the architecture of security solutions used for monitoring, imminent and general threats identified by customer threat intelligence, and recent incidents;
• Continuously improve the service by identifying and correcting gaps (analysis procedures, playbooks, client network models), adjusting false positives, and identifying and recommending new tools, content, countermeasures, or scripts;
• Serve as a recognized expert in at least one security-related field (e.g., a specific anti-malware solution, Python programming, etc.);
• Actively seek professional development through continuous learning and aim to progress to the Analyst IV level.
• Comply with internal operational security rules and other policies.
• Carry out small ad hoc tasks/projects that may be assigned to you.

• Knowledge or 3-5 years of experience with the following technologies: SIEM, ELK, IDS/IPS, network and host firewalls, data leak prevention (DLP);
• Direct experience with antivirus software, endpoint detection and response (EDR) solutions, firewalls, and content filtering;
• Demonstrable experience or knowledge in incident response, log analysis, and PCAP file analysis;
• Good knowledge of network fundamentals, e.g., OSI model, TCP/IP, DNS, HTTP(S), SMTP;
• Good understanding of threat actors' methods of attack against a network: phishing, port scans, web application attacks, DDoS, lateral movement;
• Knowledge of Windows and/or Linux operating systems and investigation methods to detect signs of compromise;
• Motivation to learn and contribute to the team's ongoing development;
• Recommended certifications: GCFA, GCIH, OSCP, or equivalent;
• Excellent communication skills in English are required as the position involves communicating with stakeholders outside Quebec.

Only candidates legally authorized to work for any employer in Canada will be considered.

• Minimum de 3 semaines de vacances dès la première année;
• Assurances collectives complètes avec contribution généreuse de l'employeur;
• Contribution employeurs au REER collectif
• Flexibilité de télétravail complète : Hybride, Distanciel, Présentiel.
• Un bureau chaleureux, lumineux et accueillant qui vous offre : des fruits frais, du café, des breuvages, des repas occasionnels, etc.
• Budget de matériel informatique annuel
• Environnement de travail équilibré et flexibilité d'horaires;
• Évolution de carrière : Formation et certifications, Apprentissage en-ligne ou en présentiel, Academy Wepoint, etc.
• Une communauté internationale d’experts prêts à partager leurs connaissances;
• Une culture d’entreprise axée sur les besoins des individus et leurs appartenances à une communauté forte