The role of the Security Architect is to work with the Managed Security Services team to secure client’s information. He is mainly responsible for determining security requirements, planning onboarding activities and implementing MSS solutions.

• Be part of the onboarding of new Hitachi Systems Security Inc clients by defining security strategy, writing up processes to implemented correlation rules and related to onboard tasks, following up deployment and insuring quality of communication during onboarding process;
• Enhance security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
• Be an escalation point for Information Security Analysts, Information Security Specialists and Incident Response Managers to assist in solving security issues, correlation rules creation/update and other issues related to log ingestion.
• Design and update correlation rules based on client security control situation and cyber threat circumstance and create and maintain correlation guideline and review process.
• Determine security requirements by evaluating business strategies and requirements; researching information security frameworks; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing effort estimates.
• Define security strategies for Hitachi Systems Security Inc clients by specifying intrusion detection methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures; completing documentation.
• Maintain security monitoring strategy of Hitachi Systems Security Inc customers by conducting regular customer reviews aimed at aligning our security services/monitoring with customer’s constant evolving security challenges.
• Prepare system security report templates by collecting, analyzing, and summarizing data and trends.
• Leads technology architecture practices related to Cloud infrastructures.

• University degree in Computer Science;
• A minimum of 5 years of relevant experience in IT Security;
• Excellent understanding of IT Security controls;
• Excellent knowledge of Linux operating systems (RHEL, CentOS)
• Good experience with TCP/IP protocol and low-level network troubleshooting (VPN/IPSEC, etc.)
• Experience in Cloud computing technology including core services, compute and storage, database, Application Programming Interface (API), DevOps, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), etc.
• Experience with on-premise to Cloud migrations or IT transformations.
• Experience architecting and operating solutions built on Amazon or Azure platforms
• Experience with different elements ensuring network security (firewalls, proxies, etc.)
• Understanding of security frameworks like PCI-DSS or ISO 27001/27002
• Resourceful, analytical and problem-solving skills
• Excellent written and oral communication skills in English
• Honesty, integrity and confidentiality required at all times
• Critical thinking – show a strong sense of urgency about solving problems and getting work done.
• Strong ability to learn, use and master new, unfamiliar technologies
• Ability to work independently with minimum supervision
• Knowledge Snort, Saint
• Unix and Linux Administration background
• CISSP or equivalent certification is an asset.

• Professional environment in cutting-edge technology
• Dynamic work setting in new and modern office
• Employee Referral Bonus
• Group insurance plan
• Team spirit and dedication to service excellence
• Sense of belonging to a global, brand-name organization

The Cyber Threat Hunter will be responsible for participating in threat actor-based investigations to detect, disrupt and eradicate the presence of threat actors from enterprise networks. To meet this goal, you will utilize the latest in cyber security technology and Cyber Threat Intelligence to support Hitachi Systems Security Inc. customers with proactive Computer Network Defense protection.

• Hunt for and identify threat actor groups based on their known techniques, tactics, procedures (TTPs), tools and infrastructure.
• Identify and track new tactics, techniques, and procedures (TTPs) associated with known threat actors to enhance our cyber threat intelligence database.
• Capture intelligence on threat actor TTPs and develop countermeasures in response to threat actors.
• Conduct Open Source cyber threat intelligence research to identify threat actor motivations, capabilities, and intentions.
• Monitoring and analysis of network traffic and security alerts, responding to potential threats and vulnerabilities.
• Investigation of intrusion attempts and performing in-depth reverse engineering analysis of exploits.
• Provide network intrusion detection expertise to support timely and effective decision on when to declare an incident.
• Perform initial triage on security events that are populated in Hitachi’s Security Information and Event Management (SIEM) system.
• Analyze a variety of network and endpoint-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident.
• Independently follow procedures to contain, analyze, and eradicate malicious activity.
• Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
• Develop advanced queries and alerts to detect adversary actions.
• Provide thoroughly vetted intelligence products on emerging cyber threats, indicators of compromise and trend analysis.
• Create a final incident report detailing the events of the incident.
• Provide information regarding intrusion events, security incidents, and other threat indications and warning information to US government agencies.
• Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC operations.

• Minimum of two (2) years of direct experience in an IT Security, Incident Response or Security Analyst role within the last 4 years.
• Industry recognized professional certification such as GCFA, GREM, GCIH, CISSP
• Experience with or current understanding of Cyber intelligence processes and systems.
• Direct experience with Malware and Fusion analysis techniques and methodologies.
• Scripting skills (e.g., PowerShell, Python, shell scripting)
• Experience with cyber advanced persistent threats, actors, infrastructure, and TTPs.
• Experience and extensive knowledge working with a SIEM and performing triage, information gathering and analysis.
• Experience in Security Incident Handling and Incident Management procedures.
• Experience with writing clear and concise technical documents specifically event analysis and incident handling documentation.
• Experience with Intrusion Detection and Prevention Systems.
• Knowledge of computer networking, routing and switching with knowledge of the TCP/IP stack and other protocols.
• Experience with Linux/UNIX and Windows based devices at the System Administrator level.
• Working knowledge of security architectures and devices.
• In-depth knowledge of lateral movement methods, foothold tactics, and data exfiltration techniques.
• Experience with Account Management, Windows Events and Log Management.
• Organizational skills and the ability to work autonomously with attention to detail and processes.
• Excellent communication skills with experience providing incident briefings to peers, management and clients.
• Excellent written skills with experience creating formal incident reports.
• Suitable to obtain Canadian Federal Government SECRET clearance, or the ability to obtain a clearance.

• Professional environment in cutting-edge technology
• Dynamic work setting in new and modern office
• Employee Referral Bonus
• Group insurance plan
• Team spirit and dedication to service excellence
• Sense of belonging to a global, brand-name organization

The role of the information security analyst is to analyze alerts generated by intrusion detection systems, which are deployed on client networks worldwide. When necessary, the analyst will be required to counter attacks by intervening in a manner that is in accordance with the intervention process established with clients. The analyst is also responsible for producing analysis reports on a monthly basis for clients and ensuring the optimum performance of client networks from an information security’s perspective.