Senior Security Analyst for threat and risk assessments and information security improvements within a Microsoft environment

Toronto, ON
  • Number of positions available: 1

  • To be discussed
  • Permanent job

  • Starting date: 1 position to fill as soon as possible

Our client, a large law firm, is seeking a Senior Security Analyst for threat and risk assessments and information security improvements within a Microsoft environment.


This is a permanent, full-time opportunity based in the heart of Downtown Toronto with a competitive salary and benefits package offered! The successful candidate will follow a hybrid working model (3 days in office per week).


Must-Haves:

  • 5+ years’ experience in technical information security operations, including:
  • Responding to security alerts and security requests, such as: suspicious emails, malware detection, suspicious network traffic, or failed authentications.
  • Administration of information security tools, including antimalware, EDR, network security, vulnerability scanning, DLP, and cloud security.
  • Experience managing and supporting antimalware, endpoint, and network security tools, such as: Windows Defender, McAfee, ESET, CrowdStrike, SentinelOne, Vectra network, Darktrace.
  • Experience working in an ISO 27001 certified environment and participating in security governance activities, with the development, implementation and operations of information security policies and procedures.
  • Experience assessing information security risks and providing risk remediation strategies.
  • Professional Security Certification(s) within at least one of the following: CEH, CISSP, CISA, CISM, CRISC, or SANS/GIAC.
  • 5+ years of IT security experience within a Microsoft ecosystem (Windows Server, cloud security).
  • Up-to-date knowledge of existing and emerging threats, with a fair understanding of common attack vectors, such as malware behaviour, botnet architecture, vulnerability exploits, the landscape of cyber criminals, APTs (Advanced Persistent Threats), and the motives and methods of attack of cyber criminals.
  • Bachelor's degree in Computer Science, Computer Engineering, Information Security, or a related field.


Responsibilities Overview:

  • Conducting daily security operations activities, by:
  • Reviewing security alerts from various tools (Antimalware, EDR, Network security, SIEM, DLP, Web filtering, etc.).
  • Reviewing security requests from users or other IT teams
  • Performing in-depth analysis of security events or requests, to confirm root cause (alerts), business need (requests), technical details, and risk level.
  • Making security recommendations
  • Maintaining security tools to ensure they are properly running on all hosts, and up to date with the latest engine version and threat definitions. This includes:
  • Verifying compliance with the established company standards
  • Troubleshooting health issues
  • Properly documenting, testing, and planning changes
  • Communicating with internal and external stakeholders, as required to gather information when conducting security investigations, or managing security projects.
  • Maintaining compliance with ISO 27001/2 by:
  • Making suggestions to improve Standard Operating Procedures (SOPs) for daily security operations, existing security procedures, processes, and security solutions in place, as well as the overall security posture of the Firm.
  • Performing internal audits as directed
  • Preparing regular metrics and reports for security operations and projects