
SOC Analyst
Questrade Financial Group
Full time
Accounting and Finance
Canada
Hiring from: Canada
Questrade Financial Group (QFG), through its companies - Questrade, Inc., Questrade Wealth Management Inc., Community Trust Company, ThinkInsure, Zolo, and Flexiti, provides securities and foreign currency investment, professionally managed investment portfolios, mortgages, insurance, real estate services, financial services and more. Questrade uses cutting-edge technologies to develop innovative products that give customers better, more affordable ways to take control of their money.
We are everything a traditional financial institution is not. At QFG, you will be constantly moving forward, bringing the future of fintech into existence. You will be a part of a collaborative team that cares deeply about our mission and each other. Your team members will help you conquer challenges, push boundaries and discover what you are truly capable of.
This is a place where you can explore, discover and learn with continuous growth. As a diverse and inclusive place to work, with a hybrid working environment you can unleash your creativity and curiosity with no limits. If you share the same sense of infinite possibility, come shape your future at QFG.
What’s in it for you as an employee of QFG?
- Health & wellbeing resources and programs
- Paid vacation, personal, and sick days for work-life balance
- Competitive compensation and benefits packages
- Work-life balance in a hybrid environment with at least 3 days in office
- Career growth and development opportunities
- Opportunities to contribute to community causes
- Work with diverse team members in an inclusive and collaborative environment
Your contribution delivering sustainable and measurable results in the following areas will be very important:
Administration and management of the various cybersecurity tools used by the wider Joint Security Operations Centre team, such as Endpoint Detection & Response (EDR), Vulnerability Scanning and Attack Surface Management, and identifying and responding to cyber threats that pose a risk to our reputation and brand and may result in a compromise. Day-to-day activities include overseeing system upgrades and expanding capabilities, monitoring system health and troubleshooting system issues, ensuring asset coverage, and managing user access for these tools. You will be working alongside internal customers and our vendor support teams to ensure we are utilizing our security tools in accordance with corporate policies and growing business needs, providing metrics on the management of these systems and tickets addressed, and conducting monitoring and response activities. You will work closely with Cybersecurity and IT teams to align priorities and execute plans for new initiatives, as well as contribute to process improvements and build documentation for new tools.
Need more details? Keep reading...
You will:
- Monitor, analyze and report possible cybersecurity attacks.
- Investigate and perform analysis of threat indicators.
- Gather indicators of compromise and any relevant data to use with threat hunting activities.
- Leverage security tools (SIEM, EDR, and more) for analysis to identify malicious activities.
- Analyze identified malicious activity to determine Tactics, Techniques and Procedures.
- Conduct research, analysis and correlate gathered data from various resources to determine the impact of the incident.
- Participate in on-call and hands-on scheduled shift rotations, including outside business hours.
- Collaborate well and work with other cybersecurity and IT team members.
- Coordinate Security Incident Response and investigation with other internal teams and 3rd party providers.
- Conduct incident investigations using security tools and solutions (SIEM, EDR, firewalls, etc.).
- Complete Security Incident and Investigation reports.
- Onboard and monitor cloud environments (Azure, AWS, or GCP) into SIEM.
- Develop and document processes, operational procedures, and enhance playbook workflows.
- Deploy, manage and administer tools used by other cybersecurity teams related to endpoint protection, email security, vulnerability scanning, etc.
- Review enterprise security tools and controls to assess system health, identify misconfigurations, and implement tuning recommendations per vendor best practices
- Maintain existing or create new procedures and processes for administering and managing cybersecurity tools under the purview of the team
- Respond to and address support tickets for our tools that arise from different end users and teams via the enterprise ticketing system
- Provide proactive security investigation and searches on corporate environments to detect malicious activities.
- Maintain up-to-date understanding of security threats, countermeasures, security tools, Cloud Security and SaaS technologies.
- Maintain technical proficiency through training, keeping up with industry best practices, and security frameworks
- Report on team metrics for the CISO leadership team and the IT & Cyber GRC team
- Report on all applicable compliance related obligations
- 3+ years of relevant experience performing cybersecurity operations, cybersecurity threat intelligence, incident response and threat hunting activities in a complex incident management or Security Operations Center environment.
- Knowledge of NIST Cybersecurity Framework, MITRE ATT&CK.
- Knowledge of creating and fine-tuning SIEM use cases.
- Security monitoring experience with cybersecurity and SIEM technologies.
- Experience with building SOC processes, playbooks, SIEM correlation rules, and incident reports.
- Experience with threat hunting and security incident investigation.
- Knowledge of security products and device monitoring tools including Firewalls, IDS/IPS, Phishing and e-mail security, content filtering, DDoS, WAF, and more.
- Knowledge of incident investigation, working with in-house and vendor teams to research, identify and report on incidents.
- Knowledge of security incident management, malware analysis and vulnerability management processes.
- Strong technical and learning agility, able to adapt to constantly evolving threats, domains and technologies.
- Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
- Experience with the security logging and monitoring of cloud environments.
- Experience analyzing different data sets and preparing metrics and reports (e.g. Excel, Sheets, PowerBI)
- Experience with Atlassian products, especially JIRA and Confluence
- CEH, CSA, CHFI, ECIH or similar relevant certifications.
- Familiarity with programming languages such as Python, JS and others.
- Hands-on technical expertise in the following types of tools: EDR, infrastructure vulnerability scanning, cloud-based scanning, data loss prevention, external attack surface management, network scanning, incident response, SIEM, access management
At Questrade Financial Group of Companies, with multiple office locations around the world, we are committed to fostering a diverse, inclusive and accessible work environment. This is an environment where individuals are treated with dignity and respect. Here, the unique skills and experience you bring will be valued. You will be supported and motivated, so that you can harness your unlimited potential. Our team reflects the diversity of the communities we serve and operate in. Having a collaborative and diverse team helps us push boundaries to bring the future of fintech into existence—not only for the benefit of our customers, but for those who build their career with us.
Questrade Financial Group of companies Applicant Tracking System utilizes artificial intelligence (AI) for application screening. The AI system operates on predetermined criteria, with final decisions subject to human review.
Candidates selected for an interview will be contacted directly. If you require accommodation during the recruitment/selection process, please let us know and we will work with you to meet your needs.