Job Description
Being part of Air Canada is to become part of an
iconic Canadian symbol, recently ranked the best Airline in North America. Let
your career take flight by joining our diverse and vibrant team at the leading
edge of passenger aviation.
The Specialist, Cyber Operations will be working in
a fast-paced and innovative environment for one of North America’s top
airlines. The role is responsible for leading the technical direction of Air
Canada’s cyber monitoring, detection, and response systems. Air Canada’s cyber
security systems are foundational to protecting the data and systems that allow
its customers to fly safely. Cyber security threats continue to evolve, and the
Cyber Security Operations Specialist role will evolve with them. As a specialist
you will be expected to lead the technical direction of cyber security
technologies, deploy and configure new cyber security technologies, develop
standard operating procedures that will be used by members of the Cyber
Security Operations Centre team, inspire and train a team of 7x24 Cyber
Security Analysts on preventing/detecting/responding to security threats, and
establish relationships with Air Canada service owners to protect their data
and systems.
This position will be reporting to the Manager,
Cyber Operations.
Purpose
Responsible for the security posture of Air Canada’s
technology environment.
Responsible for security monitoring, response, and
remediation activities of Air Canada’s technology environment.
Responsible for creating opportunities for new and previously
unknown avenues for threat intelligence.
Functional Accountabilities
Develop and maintain a Security Incident Event
Management (SIEM) system for a 7x24 team of cyber security analysts.
Develop and maintain detection and response
technologies that continuously evolve with the changing cyber threat landscape.
Automate security-related tasks with a high degree
of efficiency leveraging a SOAR platform.
Act as an escalation point for tier 1 and 2 cyber
security analysts responding to cyber security incidents.
Create, support, and maintain all pertinent
documentation, which includes but is not limited to, root cause analysis,
standard operating procedures, incident response plans, applicable standards
for monitoring and security tooling.
Perform Digital Forensics, Incident Response (DFIR)
and threat hunting activities using relevant actor TTPs and IOCs.
Monitor compliance with information security
policies and procedures.
Develop, manage, measure and report on key
service-level metrics showcasing the effectiveness of the Cyber Security
Operations program.
Provide expertise in the definition, selection and
implementation of IT Security and Business Continuity related controls to the
IT Department.
Develop and communicate operational security
objectives; inspire, motivate and train team members to follow and achieve
organizational security standards.
Responsibilities
Lead business and technology analysis efforts for
the Cyber Security Operations Centre.
Lead requirements and analysis efforts, including
translating business requirements.
Lead use case creation efforts.
Lead planning and monitoring processes for a
particular functional area which may include onboarding new data sources for
monitoring.
Define and maintain methods, techniques and
calculations for identifying ways to improve security operational processes.
Be a senior technical resource and subject matter
expert on matters related to cyber security.
Maintain up-to-date understanding of security
threats, countermeasures and security tools.
Qualifications
A relevant University degree/technical
certification, and/or relevant experience commensurate to the role.
7-12 years of IT technology, operations and people
leadership experience in a large company.
Demonstrated experience (5 years +): Incident/Major
Incident, ITIL process concepts and execution (Incident Management, Problem
Management, and Change Management), cyber security incident response,
Enterprise SIEM technologies (e.g., Sentinel, ArcSight, Splunk, QRadar,
Elastic, LogRhythm), Threat intelligence management.
Experience with enterprise SOAR technologies (e.g.,
LogRhythm, LogicHub, Demisto).
Certification in Information Security (Any advanced
blue/purple team training).
Experience with Azure and AWS.
Experience and knowledge of packet flow, TCP/UDP
traffic, firewall technologies, IPS technologies, proxy technologies, WAF
technologies, mail filtering solutions, antivirus, EDR, Windows- and Linux-based
operating systems.
Ability to create complex regular expressions and
queries for detection and parsing purposes.
Scripting knowledge in Python and PowerShell.
This position requires a high level of availability
and flexibility as shift work may be part of the requirement as this role is
part of our 24/7 IT Operations.
Able to communicate effectively and to work
collaboratively with all levels of the organization with superior verbal and
written skills.
Superior customer service and client interfacing
skills.
Behavioral Competencies
Ability to work effectively under pressure and in
rapidly changing environments or uncertain conditions.
Takes responsibility for the results and actively
participates in the future direction of the organization.
Ability to work cooperatively with others on a team,
and to establish and maintain effective business relationships.
Ability to maintain a professional and assertive
demeanor under challenging situations and possesses confidence to act on
critical decisions.
Able to handle multiple tasks in a fast-paced
environment.
Working Conditions:
After hours on-call support for escalations.
Ability to travel and work effectively with remote
teams.
Working from home office if not located at core
locations.
Conditions of Employment:
Candidates must be eligible to work in the country
of interest at the time any offer of employment is made, and seeking any
required work permits/visas or other authorizations which may be required is
the sole responsibility of the candidates applying for this position.
Linguistic Requirements
Based on equal qualifications, preference will be
given to bilingual candidates.
Diversity and Inclusion
Air Canada is strongly committed to Diversity and
Inclusion and aims to create a healthy, accessible and rewarding work
environment which highlights employees’ unique contributions to our company’s
success.
As an equal opportunity employer, we welcome
applications from all to help us build a diverse workforce which reflects the
diversity of our customers, and communities, in which we live and serve.
Air Canada thanks all candidates for their interest;
however only those selected to continue in the process will be contacted.