Cyber Security Analyst

BMO SECURITY SUPPORT SERVICES PTE. LTD.

Singapore

On-site

SGD 60,000 - 80,000

Full time

21 days ago

Job summary

A leading security services firm in Singapore seeks a Cyber Security Analyst to monitor and respond to security threats. You will work in a global team, utilizing industry-standard tools to ensure the safety of digital assets. Ideal candidates should have a degree in Computer Science or related fields, strong analytical skills, and relevant experience in information security.

Qualifications

  • Up to 4 years of relevant experience in information security or with systems and computer operations.
  • Experience in Identity & Access Management, Vulnerability and Configuration Management, Threat Intelligence.
  • Preference for candidates pursuing relevant certifications.

Responsibilities

  • Continuously monitor for and investigate security events using industry-standard tools.
  • Triage and investigate security events to determine their validity and impact.
  • Collaborate with other security teams to manage incidents effectively.

Skills

  • Strong analytical and problem-solving skills
  • Effective verbal and written communication skills
  • Collaboration and team skills
  • Scripting and coding skills leveraging Python, PowerShell, Bash
  • Familiarity with SIEM platforms (e.g., Splunk, QRadar)
  • Understanding of MITRE ATT&CK framework
  • Experience with cloud security (AWS, Azure, GCP)
  • Knowledge of information security support and operations concepts

Education

  • Post-secondary degree in Business, Computer Science, or a related field
  • Information security certifications from a well-recognized institution

Job description

Job Summary

As a Cyber Security Analyst, you will be the first line of defense in identifying and responding to threats across BMO's global infrastructure. You'll monitor security systems, triage incidents, and collaborate with cross-functional teams to protect our digital assets. This role operates in a global 24/7/365 environment and seeks to continuously improve operational effectiveness.

Key Responsibilities
Monitoring & Detection
  • Continuously monitor for and investigate security events using industry-standard case management and SIEM tools.
  • Analyze data from various sources to contextualize events with the goal of identifying potential security threats, vulnerabilities, and patterns of malicious activity.
  • Provide recommendations for improving security monitoring and detection capabilities based on alert analysis and emerging threats.
  • Ensure that security monitoring and triage activities align with industry standards, regulations, and best practices.
  • Monitor and drive remediation of operational impacts to security tools and applications.
Incident Response
  • Triage and investigate security events to determine their validity and impact, classifying incidents according to severity levels.
  • Act as a first responder to security incidents by executing triage and response procedures in support of the Incident Response team.
  • Maintain detailed records of security investigations, contextual analysis, and triage procedures in the form of journal entries within cases.
Collaboration & Reporting
  • Collaborate with other security teams, such as incident management, threat intelligence, and insider threat to scale and manage security incidents effectively.
  • Create or update documentation of procedures and processes.
  • Create activity reports for security tools and applications.
  • Communicate effectively both verbally and in writing with end users.
  • Build effective relationships with internal/external stakeholders.
  • Collaborate with internal and external stakeholders to deliver on business objectives and support operational activities for Cyber Security.
Continuous Improvement
  • Provide recommendations for improving security monitoring operations via enhanced automation and process efficiency.
  • Leverage data to support communication of ideas and opportunities.
  • Provide input into the planning and implementation of operational programs.
  • Identify opportunities to strengthen the capability of the Cyber Security organization at BMO, such as mentoring and sharing expertise.
  • Stay abreast of industry technical and business trends through participation in professional associations, practice communities, and individual learning.
  • Think creatively and propose new solutions.
  • Exercise judgement to identify, diagnose, and solve problems within given rules.
  • Work mostly independently.
  • Broader work or accountabilities may be assigned as needed.
Role Differentiators
  • Exposure to myriad Cyber Security tools. Defense-in-depth design creates exposure to many industry-leading solutions.
  • Global operations. Coworkers distributed across the globe in our Follow-The-Sun model allow for rich learning experiences when collaborating.
  • Culture that champions employee ideas with a goal to consistently improve operational effectiveness and reduce cyber risk.
  • Mentoring opportunities with Incident Responders allow for guidance along your technical journey.
  • Opportunities for career growth into Incident Response, Threat Intelligence, or other Financial Crimes Unit roles.
Education, Experience & Skills
Education & Certifications
  • Post-secondary degree in Business, Computer Science, or a related field, or equivalent combination of formal training and work experience.
  • Preference for candidates who have or are pursuing information security certifications from a well-recognized institution (e.g., (ISC)², ISACA, SANS).
Experience
  • Up to 4 years of relevant experience in information security or with systems and computer operations.
  • Experience in areas such as Identity & Access Management, Vulnerability and Configuration Management, Threat Intelligence, IT operations, Certification & Key Management, Security Platform Administration, or Security Incident Response.
Skills & Competencies
  • Strong analytical and problem-solving skills.
  • Effective verbal and written communication skills.
  • Collaboration and team skills.
  • Scripting and coding skills leveraging one or more languages (e.g., Python, PowerShell, Bash).
  • Familiarity with SIEM platforms (e.g., Splunk, QRadar).
  • Understanding of MITRE ATT&CK framework.
  • Experience with cloud security (AWS, Azure, GCP).
  • Knowledge of information security support and operations concepts, practices, and technologies.
  • Understanding of the technical and business environment and corporate processes and procedures.