SecOps engineer in Mississauga, ON

The ideal candidate is required to work 2-3 days weekly at the Mississauga Campus.

Must Have Skills 

• Technical: Security Analytics, AWS, Python/Scripting, Splunk or some SIEM tool.
• Non technical: Good communications skills, written and analytical skills

Primary Responsibilities 

• In-depth Investigation: Analyze escalated alerts and incidents from L1. Use advanced forensic and analysis tools to perform deep-dive investigations where appropriate.
• More often than not, this will simply be consulting additional threat intel sources and closer examination of logs, as deep forensic analysis is typically only required for certain incidents where compromise has occurred.
• On rare occasions, the investigation might conclude that the alert was triggered due to the legacy alert triggers (SIEM saved search with triggers) design flaws resulting in false positives. While investigating the alert L2 should examine if the alert triggers could be improved based on the investigation outcome and consult that with L3.
• Basic Threat Containment: Take limited containment actions under strict guidelines, such as isolating suspicious hosts (when permitted). These guidelines need to be established for internal Platform level accounts, as well as for customer (digital product) accounts.
• Threat Intelligence Correlation: Leverage threat intelligence sources to correlate indicators and identify broader threat campaigns or tactics used by attackers. There are often security communities / forums where trusted industry professionals post information about active attacks they are seeing. Crowd-sourced threat intel can also be useful.
• Containment & Mitigation: Coordinate with product teams to implement containment measures (e.g., blocking IPs, disabling accounts, quarantining devices) and lead initial remediation efforts. During these occurrences consult with product teams about their appetite for participating in automatic remediation / mitigations.
• Report that to L3. In order to perform remediation (either manually or through automation) on behalf of a product, agreements must be in place that indicate which containment measures are authorized to be performed.
• Incident Handling: Act as the primary handler for incidents, leading analysis, investigation, and coordination efforts until resolution.
• Root Cause Analysis: Conduct detailed root cause analysis on incidents and assist with recommendations for future prevention.
• Playbook & SOP Enhancement: Review and update incident response playbooks and procedures to reflect new threats and improve efficiency. Based on feedback from L1 or if identified that an area does not have a runbook created - develop such a runbook if possible. Consult L3 in case L2 is unable to deliver the runbook themself.
• Escalation to L3: Escalate complex or high-impact incidents to L3 with a detailed analysis and recommendations.

Skills Required: 

• Intermediate knowledge of network and Cloud security, including malware analysis and packet analysis. Forensic experience is also a plus.
• Hands on experience with Splunk and AWS environments (2-4 years)
• Experience with threat intelligence and incident response tools.
• Intermediate knowledge of network and Cloud security, including malware analysis and packet analysis
• Strong problem-solving skills and ability to handle more complex or persistent threats.
• Security Certification(s) and/or strong educational background in security, as well as experience working in a SOC.
• Basic knowledge of Python or any other scripting language
• Year of experience : 5+ years, mid -senior level SecOps engineer

Rangam Consultants is a minority, women-owned, disability workforce solutions global organization. We specialize in attracting and retaining talent globally for rewarding careers in IT, Engineering, Scientific, Clinical, Healthcare, Administrative, Finance, Business Management, and many more, while integrating veterans and individuals with disabilities into the workforce. Indeed, we connect career aspirants to relevant job opportunities, whether in the USA, UK, India, or Ireland. Additionally, we offer Flexible Work Arrangement jobs and contract positions across different verticals and industries.
Rangam strives to put job seekers first, providing them with free access to search for jobs, post resumes, and research companies. Every day, we connect millions of people to new opportunities.