In a nutshell:
Role Description
The Threat Specialist, Level 2, works within the CDC (Cyber Defence Centre) and is responsible for monitoring systems, investigating root causes, and coordinating with Level 1 and Level 3 analysts and engineers on analysis and response. The role also delivers strong incident response capabilities, provides oversight of technical controls, and assists with continual service improvement. The Threat Specialist works with log data, a wide range of security tools, and ticketing systems.
Roles and Responsibilities:
- Monitor alerts automatically generated by security systems (SIEM)
- Monitor threats and new attack techniques as they are disclosed in the wild
- Investigate events to determine whether they are true positives or false positives
- Create new ways to search for potentially suspicious events on systems
- Participate in projects to improve security monitoring toolkits as well as to improve defensive controls
- Provide different types of data to measure security and compliance
- Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse, and distinguish these incidents and events from benign activity.
- Isolate and remove malware.
- Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings).
- Notify designated managers and cyber incident responders, and articulate the event's history, status, and potential impact for further action in accordance with the organization's incident response plan.
- Work with stakeholders to resolve computer security incidents and vulnerability compliance.