About the Role:

The primary purpose of Team Lead, Tier 1, Monitoring & Triage role is to drive excellence in customer service and technical support within the organization. The role is responsible for leading a dynamic team of Tier 1 analysts, who are on the forefront of incident response where they will utilize the latest in network security technology while providing Computer Network Defense and Information Assurance (IA) support to ISA's client base and internal network. To Collaborate with members of the SOC team to develop innovative and effective procedures for the SOC to enhance coordination and incident response operation. Coordinate with the associate Director of the SOC and the other Team leads to oversee day to day operation, performance and to ensure projects and tasks are delegated and deadlines are met. This role encompasses a blend of leadership, mentorship, and hands-on problem-solving to optimize team performance and elevate customer satisfaction.

About Us:

We are proud to be recognized as a top employer for multiple years in a row, we currently hold the distinctions of Canada's Top Small and Medium Employers 2023, Greater Toronto's Top Employers 2024 and are Certified Great Place to Work 2023-2024.

At ISA Cybersecurity, our mission is to help clients achieve their privacy and security goals, and to be proactive in the fight against security threats. ISA is Canada's leading cybersecurity-focused company, with three decades of experience delivering cybersecurity services and people you can trust. We provide our clients with comprehensive counsel on complex, evolving, and multi-faceted issues related to cybersecurity and breach incident response.

ISA Cybersecurity also offers a world-class 24/7 by 365 SOC 2 Type II certified CIOC (cybersecurity intelligence operations center), giving our clients deeper insights and earlier warnings about coordinated cyber-attacks. ISA strategically partners with many of the most respected security technology firms in the world. Through these relationships, our clients can gain access to a broad portfolio of industry-leading cyber solutions best suited to protect their corporate assets and customer data.

In today's volatile world of digital threats, we help Canadian companies to better understand their current security posture and how to mitigate risks.

Responsibilities:

• Monitor & Triage security events generated from the detection & response tools like SIEM & Endpoint protection
• Perform level 1 event investigation such as IP/URL/Domain reputation checks, initial log data gathering, identify potential true positive, true negative, false positive and assign a severity rating
• Initiate event escalation to the client, adhering to prescribed SLAs for each severity level
• Conduct internal event escalation of Severity 1s and 2s to Cybersecurity Analyst
• Perform investigation of Severity 3s and 4s, and escalate the events to the clients
• Act as a first line of escalation for clients that submit service requests via phone, email, or tickets
• Fulfill client requests, and/or escalate to Cybersecurity Analyst, Tier 2 (SIEM Investigation/Protection Services), Vulnerability Management Analyst, Incident Response Analyst or Engineering team
• Conduct health checks on the technologies used by the SOC
• Identify updates & changes to existing Knowledge Base documents to ensure information is up to date and accurate
• Ensure that all internal SOC processes are always followed ensuring service delivery standards are met
• Train analysts on new and existing SOC technologies to enhance incident triage efficiency, improve performance, and reduce SLA
• Lead the Monitoring & Triage team to ensure best results and resolve customer issues
• Assist the team members to identify and map out their short and long-term goals
• Conduct mid-year and end-of-year performance reviews for the team
• Manage interview process for both full-time and co-op applicants
• Other duties as required

Qualifications:

• An advanced degree in Computer Science, Information Security, or a related discipline, or equivalent work experience
• 2-3 years of experience in Information Security
• Strong interpersonal, communication, and presentation skills
• Effective time management, organizational skills, and decision-making capabilities
• Capacity to comprehend and incorporate cultural nuances and motives, facilitating collaboration within cross-cultural and diverse teams
• Sound judgment, combining tactical and strategic thinking, with a focus on detail
• Knowledge of cyber security tools such as QRadar, Fireye Helix, SentinelOne or other SIEM tools
• Experience with UNIX/Linux, Windows and Containerization TCP/IP, computer networking, routing, and switching
• Experience in firewall and intrusion detection/prevention
• Knowledge of AWS services (such as EC2, Lambda, RDS, SQS etc.)
• Strong understanding of core IT and Security infrastructures including Active Directory, Microsoft Windows security controls, SIEM, AV/EDR, IPS, and vulnerability scanners
• Proficient in all facets of Information security within the Prevent, Detect and Respond domains

Why Join Us?

At ISA Cybersecurity we lead with our "Why". Our Why is to make people feel safe. This not only applies to the result of services that we provide to our clients, but how people feel when interacting with us. Whether you're an employee of ISA or a client we want you to feel safe and supported. Each one of our team members is expected to uphold this leadership quality and embrace it through consistent demonstration of our core values of Explore, Persevere, Adapt and Uplift.

We are proud to offer a variety of employee friendly programs that enable our team to perform at their best.

Highlights of our programs and policies include:

• Flexible sick and personal days for all employees
• Generous health plan with enhanced mental health resources and programs
• Professional development opportunities and education reimbursement up to $2,000 annually for all employees
• Maternity and parental leave top-up
• Employee referral bonus of $2,000
• Competitive salaries complemented with RRSP matching and bonus programs
• Distance remote working policy

We also place great value on celebrating the contributions of all employees through the following service recognition programs:

• Service anniversary recognition and generous five-year milestone service awards
• President's Club recognizing special achievement awards: Team Member of the Year for Sales, CIOC and Cyber Services, the Rich Uhrich Founder's Award that is nominated on by all employees and four President's Awards (Risk Taker, Lost Without You, Money Maker and On the Rise)
• Spot rewards providing opportunities for instant peer recognition

Information-sharing and team-building initiatives include:

• Annual kick-off meeting to communicate our strategic priorities
• Informal staff events like pizza lunches or games day
• Quarterly town hall meetings
• Semi-annual hockey tournaments, annual summer social event, and year-end holiday party
• Scheduled employee feedback surveys and goal setting focus groups
• Corporate Intranet, departmental home pages, bi-monthly internal company newsletter

Thank you for your interest in joining ISA Cybersecurity. Our team looks forward to reviewing your application. We will be reaching out to you directly if your experience matches our needs.

Accessibility:

ISA Cybersecurity is committed to providing accommodations for applicants with disabilities. If you require specific accommodation because of a disability or medical need, please inform ISAs Human Resources team ([email protected]) so arrangements can be made for appropriate accommodation to be in place during the recruitment process.