2 Threat Detection jobs in Toronto
Consultant - Incident Response | Remote, CAN
Toronto, Ontario
Optiv
Posted 4 days ago
Job Viewed
Job Description
_This position will be fully remote and can be hired anywhere in Canada._
An Enterprise Incident Management (EIM) Consultant is a highly skilled incident responder capable of performing complex investigations while maintaining a business focus and meeting client requirements. This position will work both independently and as part of a team to perform digital investigations including: Zero Day Exploitation, Business Email Compromise, Unauthorized Access, Sensitive Data Exposure, Insider Threat, Malware Analysis, and Threat Hunting. An EIM Consultant also contributes to the development and continuous improvement of the EIM practice through various team and industry contributions.
**How you'll make an impact:**
+ Ability to combine multiple separate findings to identify complex attacks and incidents
+ Ability to manually collect relevant data sources during an incident.
+ Ability to identify, describe and report threat vectors and forensic artifacts
+ Proficiency with commercial and open-source security tools required (EnCase, FTK, XWays, Splunk, ELK, EZ Tools etc.)
+ Familiarity with many different network architectures, network services, system types, network devices, development platforms and software suites required (Linux, Windows, Cisco, Oracle, Active Directory, JBoss, .NET, etc.) required.
+ Familiarity with Endpoint Detection and Response (EDR) products, such as SentinelOne, Carbon Black, CrowdStrike, etc.
+ Passion for creating tools and automation to make common tasks more efficient preferred.
+ Knowledge of programming and scripting for development of security tools preferred.
+ Demonstrated ability to create comprehensive incident reports required.
+ Must be able to work well with customers and self-manage through difficult situations, focus on client satisfaction.
+ Ability to convey complex technical security concepts to technical and non-technical audiences including executives required.
+ Ability to work both independently as well as on teams required.
+ Willingness to collaborate and share knowledge with team members required.
+ Proven ability to review and revise reports written by peers required.
+ Demonstrated effective time management skills, ability to balance multiple projects simultaneously and the ability to take on large and complex projects with little or no supervision required.
**What we're re looking for:**
+ Bachelor's degree and approximately 2-5 years of related work experience.
+ Approximately 2-5 years of technical architecture experience
+ Prior experience performing Incident Response, including experience in Containment and Isolation, Forensics, Root Cause Analysis, and/or Elimination and Remediation to enterprise-level organizations.
+ Ability to travel 25-40% of the time to client sites.
+ This position requires the ability to respond onsite in a 24/7/365 environment; must be willing to work evening, overnight, and weekend/holiday hours
+ Preferred certifications include: GIAC Certified Forensics Examiner (GCFE), GIAC Certified Incident Handler (GCIH),EC-Council Certified Incident Handler (ECIH), and Certified Computer Forensics Examiner (CCFE)
+ #LN-GN1
**What you can expect from Optiv**
+ A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups ( .
+ Work/life balance
+ Professional training resources
+ Creative problem-solving and the ability to tackle unique, complex projects
+ Volunteer Opportunities. "Optiv Chips In" encourages employees to volunteer and engage with their teams and communities.
+ The ability and technology necessary to productively work remotely/from home (where applicable)
**EEO Statement**
Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.
Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv's selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice ( . If you sign up to receive notifications of job postings, you may unsubscribe at any time.
An Enterprise Incident Management (EIM) Consultant is a highly skilled incident responder capable of performing complex investigations while maintaining a business focus and meeting client requirements. This position will work both independently and as part of a team to perform digital investigations including: Zero Day Exploitation, Business Email Compromise, Unauthorized Access, Sensitive Data Exposure, Insider Threat, Malware Analysis, and Threat Hunting. An EIM Consultant also contributes to the development and continuous improvement of the EIM practice through various team and industry contributions.
**How you'll make an impact:**
+ Ability to combine multiple separate findings to identify complex attacks and incidents
+ Ability to manually collect relevant data sources during an incident.
+ Ability to identify, describe and report threat vectors and forensic artifacts
+ Proficiency with commercial and open-source security tools required (EnCase, FTK, XWays, Splunk, ELK, EZ Tools etc.)
+ Familiarity with many different network architectures, network services, system types, network devices, development platforms and software suites required (Linux, Windows, Cisco, Oracle, Active Directory, JBoss, .NET, etc.) required.
+ Familiarity with Endpoint Detection and Response (EDR) products, such as SentinelOne, Carbon Black, CrowdStrike, etc.
+ Passion for creating tools and automation to make common tasks more efficient preferred.
+ Knowledge of programming and scripting for development of security tools preferred.
+ Demonstrated ability to create comprehensive incident reports required.
+ Must be able to work well with customers and self-manage through difficult situations, focus on client satisfaction.
+ Ability to convey complex technical security concepts to technical and non-technical audiences including executives required.
+ Ability to work both independently as well as on teams required.
+ Willingness to collaborate and share knowledge with team members required.
+ Proven ability to review and revise reports written by peers required.
+ Demonstrated effective time management skills, ability to balance multiple projects simultaneously and the ability to take on large and complex projects with little or no supervision required.
**What we're re looking for:**
+ Bachelor's degree and approximately 2-5 years of related work experience.
+ Approximately 2-5 years of technical architecture experience
+ Prior experience performing Incident Response, including experience in Containment and Isolation, Forensics, Root Cause Analysis, and/or Elimination and Remediation to enterprise-level organizations.
+ Ability to travel 25-40% of the time to client sites.
+ This position requires the ability to respond onsite in a 24/7/365 environment; must be willing to work evening, overnight, and weekend/holiday hours
+ Preferred certifications include: GIAC Certified Forensics Examiner (GCFE), GIAC Certified Incident Handler (GCIH),EC-Council Certified Incident Handler (ECIH), and Certified Computer Forensics Examiner (CCFE)
+ #LN-GN1
**What you can expect from Optiv**
+ A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups ( .
+ Work/life balance
+ Professional training resources
+ Creative problem-solving and the ability to tackle unique, complex projects
+ Volunteer Opportunities. "Optiv Chips In" encourages employees to volunteer and engage with their teams and communities.
+ The ability and technology necessary to productively work remotely/from home (where applicable)
**EEO Statement**
Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.
Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv's selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice ( . If you sign up to receive notifications of job postings, you may unsubscribe at any time.
This advertiser has chosen not to accept applicants from your region.
0
Information Security Manager (Incident Response)
Toronto, Ontario
Celestica
Posted 4 days ago
Job Viewed
Job Description
Information Security Manager(Incident Response)
**Information Security Manager (Incident Response)**
Functional Area: Information Technology (ITM)
Career Stream: IT Risk & Compliance (RAC)
Role: Manager (MG2)
Job Title: Manager, Information Security 2
Job Code: MG2-ITM-SECR
Job Level: Level 10
Direct/Indirect Indicator: Indirect
**Summary**
The Cybersecurity Manager, specializing in **Incident Response and Forensics** , leverages knowledge of **advanced cyber threats** , attacker methodologies, and security technologies to proactively **identify and neutralize complex threats** within the enterprise environment. This specialist remains informed about emerging technologies and recommends strategic directions. A strong understanding of security best practices, excellent analytical and problem-solving skills, and the ability to work both independently and collaboratively within a team are essential for this role. The Senior Cybersecurity Specialist plays a crucial part in protecting our organization's digital assets and ensuring a robust security posture.
**Detailed Description**
Performs tasks such as, but not limited to, the following:
+ Performs strategic assessments to understand the current capabilities and future security needs of the enterprise. Recognizes and evaluates business security risks while defining appropriate risk-mitigating controls and technologies.
+ Takes a primary role in investigating and responding to complex security incidents identified through threat-hunting activities, including containment, eradication, and recovery efforts.
+ Presents incident details and findings to senior management.
+ Based on insights from threat hunting, recommends and drives the implementation of new or enhanced security controls and technologies to mitigate identified vulnerabilities and improve the organization's defense capabilities.
+ Provides technical leadership, guidance, and mentorship to junior threat hunters, fostering their professional development and enhancing the team's overall capabilities.
+ Defines the scope, objectives, and methodologies for threat-hunting engagements based on threat intelligence, business risk, and asset criticality. Oversees the planning, execution, and reporting of threat-hunting activities to ensure the efficient and effective identification of potential threats.
+ Identifies new and alternative approaches for implementing and managing security activities. Provides security consultation and implements appropriate controls to minimize the risk of potential revenue loss, missed business opportunities, or competitive disadvantages resulting from malicious attacks, accidental data corruption, or unauthorized access to sensitive company or customer information assets.
+ Maintains relationships with and consults industry-leading Information Security Associations, companies, and forums to stay updated on the latest technology and process advancements through education. Manages security trends and evaluates their effects on the CLS architecture and the security protection landscape.
+ Provides tier-three subject matter expert (SME) escalation support to the Service Desk for information security issues. This includes maintaining historical information, making adjustments, compiling statistics to enhance performance, and developing performance metrics.
+ Ensures that projects are selected based on key criteria and are diligent in selecting the most valuable projects within resource and budget constraints. Has the capability to request funding for larger projects, document the program,, and present improvements to senior management for approval.
+ Prepares clear and concise reports and presentations for both technical and non-technical audiences, including senior management, that summarize threat-hunting activities, findings, and actionable recommendations.
+ Offers strategic input for the development and maintenance of the organization's security roadmap, informed by insights gained from threat-hunting activities and the evolving threat landscape.
**Knowledge/Skills/Competencies**
+ Knowledge of operating systems (Windows, Unix, macOS), endpoint detection and response (EDR) solutions, antivirus software, and how threats manifest on endpoints is essential. This includes understanding system logs, processes, and file system activities.
+ Proficiency in using SIEM tools (e.g., Sumologic, Microsoft Sentinel) to aggregate, correlate, and analyze security logs and events from various sources is vital for identifying suspicious patterns and anomalies across the environment.
+ Sound Scripting Knowledge(eg: Python, bash, Ruby)
+ Strong understanding of cloud security concepts, platforms (AWS, Azure, GCP).
+ Experience in risk and compliance management and process development in the areas of information technology and security
+ Advanced knowledge of risk mitigation and business controls
+ Excellent communication and business writing skills, as well as the ability to develop executive-level presentations/strategies that include process diagrams and designs
+ Excellent problem resolution and creative problem-solving skills
+ Excellent project management skills and strong knowledge of change management processes
+ Strong customer management skills; ability to clearly articulate the role that IT can play in enhancing customers' activities.
**Physical Demands**
+ Duties of this position are performed in a normal office environment.
+ Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.
+ May require occasional on-call availability and response to security incidents outside of normal business hours.
**Typical Experience**
+ 10+ years of progressive experience in cybersecurity, with a significant focus on threat hunting, incident response for advanced threats, security operations, and digital forensics.
+ Demonstrated history of technical leadership and strategic thinking in security roles.
+ Extensive experience leading and managing complex security investigations and threat hunting engagements.
**Typical Education**
+ Bachelor's Degree in Computer Science, Information Security, or a related field.
+ Must have at least 2 of the below certifications:CompTIA Security+CompTIA Cybersecurity Analyst (CySA+)CompTIA Advanced Security Practitioner (CASP+)GIAC Certified Incident Handler (GCIH)GIAC Certified Forensic Analyst (GCFA)
+ Educational requirements may vary by geography.
**Notes**
This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.
Celestica is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state, and local laws.
At Celestica we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. Special arrangements can be made for candidates who need it throughout the hiring process. Please indicate your needs and we will work with you to meet them.
**COMPANY OVERVIEW:**
Celestica (NYSE, TSX: CLS) enables the world's best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development - from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers.
Celestica would like to thank all applicants, however, only qualified applicants will be contacted.
Celestica does not accept unsolicited resumes from recruitment agencies or fee based recruitment services.
**Information Security Manager (Incident Response)**
Functional Area: Information Technology (ITM)
Career Stream: IT Risk & Compliance (RAC)
Role: Manager (MG2)
Job Title: Manager, Information Security 2
Job Code: MG2-ITM-SECR
Job Level: Level 10
Direct/Indirect Indicator: Indirect
**Summary**
The Cybersecurity Manager, specializing in **Incident Response and Forensics** , leverages knowledge of **advanced cyber threats** , attacker methodologies, and security technologies to proactively **identify and neutralize complex threats** within the enterprise environment. This specialist remains informed about emerging technologies and recommends strategic directions. A strong understanding of security best practices, excellent analytical and problem-solving skills, and the ability to work both independently and collaboratively within a team are essential for this role. The Senior Cybersecurity Specialist plays a crucial part in protecting our organization's digital assets and ensuring a robust security posture.
**Detailed Description**
Performs tasks such as, but not limited to, the following:
+ Performs strategic assessments to understand the current capabilities and future security needs of the enterprise. Recognizes and evaluates business security risks while defining appropriate risk-mitigating controls and technologies.
+ Takes a primary role in investigating and responding to complex security incidents identified through threat-hunting activities, including containment, eradication, and recovery efforts.
+ Presents incident details and findings to senior management.
+ Based on insights from threat hunting, recommends and drives the implementation of new or enhanced security controls and technologies to mitigate identified vulnerabilities and improve the organization's defense capabilities.
+ Provides technical leadership, guidance, and mentorship to junior threat hunters, fostering their professional development and enhancing the team's overall capabilities.
+ Defines the scope, objectives, and methodologies for threat-hunting engagements based on threat intelligence, business risk, and asset criticality. Oversees the planning, execution, and reporting of threat-hunting activities to ensure the efficient and effective identification of potential threats.
+ Identifies new and alternative approaches for implementing and managing security activities. Provides security consultation and implements appropriate controls to minimize the risk of potential revenue loss, missed business opportunities, or competitive disadvantages resulting from malicious attacks, accidental data corruption, or unauthorized access to sensitive company or customer information assets.
+ Maintains relationships with and consults industry-leading Information Security Associations, companies, and forums to stay updated on the latest technology and process advancements through education. Manages security trends and evaluates their effects on the CLS architecture and the security protection landscape.
+ Provides tier-three subject matter expert (SME) escalation support to the Service Desk for information security issues. This includes maintaining historical information, making adjustments, compiling statistics to enhance performance, and developing performance metrics.
+ Ensures that projects are selected based on key criteria and are diligent in selecting the most valuable projects within resource and budget constraints. Has the capability to request funding for larger projects, document the program,, and present improvements to senior management for approval.
+ Prepares clear and concise reports and presentations for both technical and non-technical audiences, including senior management, that summarize threat-hunting activities, findings, and actionable recommendations.
+ Offers strategic input for the development and maintenance of the organization's security roadmap, informed by insights gained from threat-hunting activities and the evolving threat landscape.
**Knowledge/Skills/Competencies**
+ Knowledge of operating systems (Windows, Unix, macOS), endpoint detection and response (EDR) solutions, antivirus software, and how threats manifest on endpoints is essential. This includes understanding system logs, processes, and file system activities.
+ Proficiency in using SIEM tools (e.g., Sumologic, Microsoft Sentinel) to aggregate, correlate, and analyze security logs and events from various sources is vital for identifying suspicious patterns and anomalies across the environment.
+ Sound Scripting Knowledge(eg: Python, bash, Ruby)
+ Strong understanding of cloud security concepts, platforms (AWS, Azure, GCP).
+ Experience in risk and compliance management and process development in the areas of information technology and security
+ Advanced knowledge of risk mitigation and business controls
+ Excellent communication and business writing skills, as well as the ability to develop executive-level presentations/strategies that include process diagrams and designs
+ Excellent problem resolution and creative problem-solving skills
+ Excellent project management skills and strong knowledge of change management processes
+ Strong customer management skills; ability to clearly articulate the role that IT can play in enhancing customers' activities.
**Physical Demands**
+ Duties of this position are performed in a normal office environment.
+ Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.
+ May require occasional on-call availability and response to security incidents outside of normal business hours.
**Typical Experience**
+ 10+ years of progressive experience in cybersecurity, with a significant focus on threat hunting, incident response for advanced threats, security operations, and digital forensics.
+ Demonstrated history of technical leadership and strategic thinking in security roles.
+ Extensive experience leading and managing complex security investigations and threat hunting engagements.
**Typical Education**
+ Bachelor's Degree in Computer Science, Information Security, or a related field.
+ Must have at least 2 of the below certifications:CompTIA Security+CompTIA Cybersecurity Analyst (CySA+)CompTIA Advanced Security Practitioner (CASP+)GIAC Certified Incident Handler (GCIH)GIAC Certified Forensic Analyst (GCFA)
+ Educational requirements may vary by geography.
**Notes**
This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.
Celestica is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state, and local laws.
At Celestica we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. Special arrangements can be made for candidates who need it throughout the hiring process. Please indicate your needs and we will work with you to meet them.
**COMPANY OVERVIEW:**
Celestica (NYSE, TSX: CLS) enables the world's best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development - from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers.
Celestica would like to thank all applicants, however, only qualified applicants will be contacted.
Celestica does not accept unsolicited resumes from recruitment agencies or fee based recruitment services.
This advertiser has chosen not to accept applicants from your region.
Be The First To Know
About the latest Threat detection Jobs in Toronto !
1