We are looking for an Incident Management Specialist – Level 2 for our client who meets the following criteria:
Language: English.
Security Clearance: Top Secret – SIGINT.
Location of Work: On site at the CSE location at 1929 Ogilvie Rd in Ottawa, Ontario.
Mandatory requirements:
Must have a university degree in computer engineering, software engineering, computer sciences, or mathematics, or a related college diploma.
Must have demonstrated a minimum of 5 years of experience within the last 7 years as an Incident Management Specialist.
Must have 5 years of experience within the last 7 years in monitoring or supporting an environment with over 200 employees working with a combination of one or more of the following technologies:
ArcSight
Debian Linux or derivatives such as Ubuntu
The Elastic Stack
Gigamon Gigavue
Graylog
Netscout nGenius Packet Flow Switch
Red Hat Enterprise Linux, or a Red Hat Enterprise Linux compatible distribution such as CentOS, Rocky Linux, Alma Linux, or Oracle Linux
Snort
Splunk
Suricata
Zeek
Must have at least 2 years of experience within the previous 5 years monitoring Linux systems.
Nice to have requirements:
Nice to have at least 2 years of experience within the previous 8 years providing network monitoring for a classified system.
Nice to have at least 2 years of experience within the previous 8 years working in a team environment: either in operations, monitoring or engineering.
Nice to have taken courses in network security monitoring or received certificates for network security monitoring.
Valid certificates include:
GIAC Continuous Monitoring Certification (GMON)
GIAC Certified Enterprise Defender (GCED)
GIAC Certified Detection Analyst (GCDA)
GIAC Certified Incident Handler (GCIH)
GIAC Defending Advanced Threats (GDAT)
CertNexus Certified First Responder (CFR)
Elastic Certified Analyst
Elastic Certified Observability Engineer
Splunk Core Certified Advanced Power User
Splunk Enterprise Certified Administrator
Red Hat Certified Engineer
Cisco Certified CyberOps Associate
Cisco Certified Network Professional Security (CCNP Security)
CompTIA Cyber Security Analyst (CySA+)
EC-Council Certified Network Defender (CND)
EC-Council Certified SOC Analyst (CSA)
Nice to have at least 2 years of experience within the previous 8 years in monitoring; list the specific reference architecture that was applied (NIST SP 800-53, ITSG-33, NSA CSFC, NCDSMO CDS Design and Implementation Requirements).
Nice to have at least 2 years of experience within the previous 8 years monitoring Linux systems.
Nice to have at least 2 years of experience in the previous 8 years in a production environment deploying, configuring, and supporting Splunk Enterprise or the Elastic Stack.
Nice to have at least 2 years of experience in the previous 8 years developing detection signatures. Experience must include demonstrations that relate to one of the following: ArcSight, Elastic Stack, Graylog, Netflow, Snort, Splunk, Suricata, or Zeek.
Nice to have at least 1 year of experience in the previous 8 years in a production environment monitoring data diodes.
Nice to have at least 1 year of experience within the previous 8 years in a production environment monitoring CDS Guards.
If interested, please reach out to Girlie at girlie@mdosconsulting.com