Description
Bring your IT career and talents to CDW, where you can have a greater impact, be inspired by our mission and excited about your career and future. A Fortune 200 leader, we’re the driven professionals and technology experts companies turn to most to solve their IT challenges.

This role will support our Mississauga, Ontario area Security Operations Centre, and can be based within the Greater Toronto area, or remotely from elsewhere in Canada. For this role, we're seeking an individual with a strong background in EDR, XDR (Crowd Strike, Cortex XDR, Windows Defender, Sentinel One) and SIEM tools with a good level of expertise in navigating Windows and Linux file systems via the Command line or using Power Shell. Experience scripting in (Bash, Power Shell or Python) is an advantage. Knowledge of Cyber security frameworks such as Martin Lockheed Kill Chain, MITRE ATT&ACK, Pyramid of Pain and Diamond model of intrusion analysis. Solid understanding of Windows, Linux and or Mac process internals, structure and or information would be extremely beneficial.

The Analyst performs in depth investigation of security incidents, writes an incident report with details of the investigation findings, initiates response actions if applicable and provides applicable recommendations and next steps to the client based on the findings from the investigation. The Analyst applies trusted advisor techniques on all engagements with clients.

What You’ll Do:
Services Delivery (65%)

• Monitor, analyze, and triage cyber security alerts on the EDR/XDR tool by applying industry accepted analytics techniques and cyber security frameworks such as Kill Chain and MITRE ATT&ACK.
• Take ownership of in-scope cyber incident investigations.
• Create, manage, and follow up on service tickets.
• Monitor and manage request and incident queues and provide response and resolution within Service Level Agreement and Service Level Objective.
• Follow defined processes for incident response.
• Correlate event details within the incident timeline to identify malicious activities leveraging EDR/XDR tool.
• Carry out extended searches for leveraging the SIEM platform to provide in depth investigation and identify full attack path where applicable.
• Design, create, and update documentation as directed.
• Research and analyze threat intelligence and indicators of compromise (IOC) for applicability during incident investigation.
• Review alerts, decipher false positives, and follow through on incident investigations.
• Initiate response actions via the EDR or XDR tool for incident remedial action.
• Evaluate risk of security alerts and make appropriate recommendations to mitigate evaluated risks.
• Update service tickets and cases with investigation evidence.
• Apply Trusted Advisor techniques to build up client trust and influence loyalty.
• Carry out rapid IOC searches based on given IOC obtained from threat intelligence feeds across clients’ endpoint/extended detection and response platforms.
• Open technical support cases with respective vendors where applicable
• Escalate issues encountered during the shift to the Manager.

Professional Development (35%)

• Attend training sessions or shadowing activities and obtain industry-related certifications as determined by the Manager.
• Participate in all in-house CTFs and self-paced training.

Qualifications - Internal
What You Need to Succeed:
Must-Have:

• Bachelor's degree (B.A./B.S.) or 3-year diploma in Engineering, Computer Science, or Technology related field

• At least 1 year of work experience in supporting information technology/systems.
• At least one (1) technical certification in the technologies for which Sirius offers Managed Security Services. These may include, but are not limited to: QRadar, Log Rhythm, Exabeam, or similar technology.
• Any of these security focused certifications: Comptia Security +, Comptia CYSA, SANS: GCIA, GCIH, CEH

Other Position Requirements:

• The candidate must be proactive and pay attention to details.
• works collaboratively with other teammates.
• Takes ownership and drives issues towards a resolution.
• A good understanding of IT infrastructure systems, Cybersecurity fundamentals, vulnerability management fundamentals, endpoint and server administrations, network routing and switching, network traffic analysis and administration.
• Ability to acquire technical skills and certifications required to effectively execute the role, develop familiarity with industry or specialty products/services, and apply the knowledge gained through training.
• Ability to investigate problems and use standard operating procedures and processes to resolve them.
• Good troubleshooting and problem-solving skills. Possess an innate curiosity and critical thinking mindset.
• Ability to establish positive working relationships and contribute to team objectives in a consulting environment.
• Good verbal, written communication skills and the confidence to engage the clients effectively.
• Proven time management and organizational skills
• Word, Excel, Visio, Power Point, and Outlook skills

Nice-to-have:

• Previous experience working in a Security Operations Centre (SOC) environment or similar environment.

Essential Functions:
The position is part of a 7 day per week, 24 hour per day managed services operations. To provide the required coverage, must be willing to work other shifts including weekends, holidays, and overtime.
The above primary duties, responsibilities, and position requirements are not all inclusive.


Who we are:
CDW is a leading technology solutions provider to business, government, education and healthcare organizations across the globe. Our fingerprints can be found on technology in workplaces of more than 250,000 companies; from fresh-faced start-ups to international conglomerates. With the breadth of products and services we offer, there is no request too big or too small.

What you can expect from us: Culture, coworkers, careers.
CDW is not only the People Who Get IT but the People who get People. Our relationships are fueled by our deep expertise and grounded in the CDW Way. Our empowering leadership makes things happen and inspires their teams to do the same. From the teammates beside us to the leaders who guide us, we move forward together. At CDW, you’ll work with people who inspire you. People with positive, success-driven attitudes who you will learn from and forge strong relationships with. Bring your best true self—and your best ideas—to CDW. Because diverse perspectives bring forth better problem solving—and better solutions for our customers on a rapidly evolving technology landscape.