Protect and Defend


5.1 Cyber Security Analyst


Basic Job Description

Coordinates and remediates cyber incidents and threats to and within an organization by using data collected from various cyber defence tools to monitor, identify, analyze, report, and prevent threats and events.

Cyber Security Related Tasks

  • Differentiate and analyze network traffic to identify irregular/malicious activity and potential threats to network resources;
  • Analyze irregular/malicious activity and potential threats using information gathered from various sources within the organization to gain situational awareness and determine the root cause and the effectiveness of an attack;
  • Provide timely detection, identification, and alerting of irregular/malicious activities and potential threats/attacks and distinguish these incidents and events from benign activities;
  • Document and escalate incidents or threats that may cause ongoing and immediate impact to the organization;
  • Notify management, cyber incident responders/handlers, and colleagues of suspected incidents and threats and potential impact for further action based on the organization’s cyber incident response plan;
  • Use cyber defence tools for continual monitoring and analysis of network traffic/systems to identify irregular/malicious activity and potential threats;
  • Recommend and install appropriate tools and countermeasures based on threats and vulnerabilities;
  • Define, develop, implement, and maintain cyber security policies and procedures;
  • Plan, implement and upgrade security measures, controls, and protocols to protect information systems against cyber incidents or threats;
  • Conduct vulnerability testing, risk analyses, and security assessments;
  • Isolate and remove malicious software;
  • Anticipate security alerts, incidents and threats and reduce their likelihood;
  • Assist and coordinate with colleagues to validate security alerts, incidents and threats; and
  • Conduct research, analysis and prepare cyber defence trend reports and internal and external audit reports.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a cyber or IT related field (e.g., Computer Science, Information Technology, Computer Engineering or equivalent);
  • Certifications an asset: Global Information Assurance Certification (GIAC); Certified Information Systems Security Professional (CISSP); Computing Technology Industry Association (CompTIA) Security+; and
  • Previous training and experience in network security is preferred – 1-3 years of experience for entry-level; 5 years of experience for advanced-level. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

Knowledge of and skills in

  • Technical knowledge of networks, computer architecture, data structures, and algorithms;
  • C, C++, Java, Python, and similar computer programming languages;
  • Cryptography and cryptographic key management concepts;
  • A working knowledge of cyber security and privacy principles and methods (e.g., firewalls, encryption, virtual private network devices);
  • Authentication, authorization, and access control methods and mechanisms;
  • Controls related to the use, processing, storage and transmission of data;
  • Network access, identity, and access management;
  • Network protocols and packet analysis tools;
  • Operating system and system administration hardening techniques;
  • Intrusion detection system (IDS)/Intrusion prevention system (IPS), penetration and vulnerability testing;
  • System testing and evaluation methodologies and processes;
  • Data loss prevention (DLP), anti-virus and anti-malicious software;
  • Incident response and handling methodologies;
  • Current and emerging technology and cyber security technologies; and
  • Applicable laws, regulations, policies and ethics as they relate to cyber security.

Key Proficiencies

Analytical, Attention to Detail, Interpersonal, Communication skills

5.2 Industrial Control Systems (ICS) Security Analyst


Basic Job Description

Performs engineering and technical tasks in support of industrial control system (ICS) to ensure they are functioning properly and secure.

Cyber Security Related Tasks

  • Actively monitor ICS system performance and health; troubleshoot and resolve hardware or software interoperability issues, system outages and faults, and cyber threats;
  • Design, install, operate and maintain equipment, servers, networks and other components of ICS systems;
  • Conduct maintenance and upgrades;
  • Conduct vulnerability testing, risk analyses, and security assessments;
  • Conduct analysis and review, and report on system vulnerability;
  • Research and evaluate new technologies and processes that enhance security capabilities;
  • Research and develop a system security context and define system security requirements based on industry standards and cyber security policies and practices;
  • Ensure acquired or developed systems are consistent with cyber security policies and practices;
  • Conduct security reviews and identify gaps or cyber threats in ICS system;
  • Prepare technical reports that document the system development process;
  • Document and address an organization’s information security and systems security engineering requirements throughout the system life cycle;
  • Define, develop, implement, and maintain infrastructure policies, standards, and procedures;
  • Develop and maintain project reports, assessments, and other relevant documents; and
  • Develop, deliver, and oversee training material and educational efforts.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a cyber or IT related field (e.g., Computer Engineering, Computer Science, Information Systems, Control Systems Engineering, Mathematics, or equivalent); and
  • Previous training and experience in a process control or ICS is preferred – 2-3 years of experience for entry-level; 5-10 years of experience for advanced-level. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • ICS systems software and hardware, programmable logic controllers, and digital and analog relaying;
  • Telemetry systems, data communications, data acquisition and process control;
  • Operating systems, networking, and communications systems concepts;
  • Computer and networking troubleshooting and maintenance procedures;
  • Network administration principles and practices;
  • System life cycle management principles, including software security and usability;
  • System testing and evaluation methodologies and processes;
  • Measures or indicators of system performance, availability, capacity, or configuration problems;
  • Analysis tools and network protocols;
  • Diagnostic tools and fault identification techniques; and
  • Develop assessments, reports and relevant documents.

Key Proficiencies

Research, Analytical, Problem-solving, Organizational, Interpersonal, Communication skills

5.3 Information Security Analyst


Basic Job Description

Coordinates the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

Cyber Security Related Tasks

  • Monitor and analyze systems to identify security breaches;
  • Provide timely detection, identification, and alerting of security breaches;
  • Document and escalate breaches that may cause ongoing and immediate impact to the organization;
  • Notify management and colleagues of suspected security breaches and potential impact for further action based on the organization’s cyber incident response plan and cyber security policies;
  • Recommend and install and maintain software to protect information;
  • Define, develop, implement, and maintain cyber security policies and procedures;
  • Plan, implement and upgrade security measures, controls, and protocols to protect digital files and information systems against cyber incidents or threats;
  • Conduct vulnerability testing, risk analyses, and security assessments; and
  • Conduct research, analysis and prepare cyber defence trend reports and internal and external audit reports.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a cyber or IT related field (e.g., Computer Science, Information Technology, Computer Engineering or equivalent);
  • Certifications an asset: Global Information Assurance Certification (GIAC); Certified Information Systems Security Professional (CISSP); Computing Technology Industry Association (CompTIA) Security+; and
  • Previous training and experience in information security is preferred – 1-3 years of experience for entry-level; 5 years of experience for advanced-level. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Technical knowledge of networks, computer architecture, data structures, and algorithms;
  • C, C++, Java, and similar computer programming languages;
  • Cryptography and cryptographic key management concepts;
  • A working knowledge of cyber security and privacy principles and methods (e.g., firewalls, demilitarized zones, encryption, virtual private network devices);
  • Authentication, authorization, and access control methods and mechanisms;
  • Controls related to the use, processing, storage and transmission of data;
  • Information assurance;
  • Network access, identity, and access management;
  • Transmission Control Protocol and Internet Protocol;
  • Intrusion detection system (IDS)/Intrusion prevention system (IPS), penetration and vulnerability testing;
  • System testing and evaluation methodologies and processes;
  • Data loss prevention (DLP), anti-virus and anti-malicious software;
  • Incident response and handling methodologies;
  • Current and emerging technology and cyber security technologies; and
  • Applicable laws, regulations, policies and ethics as they relate to cyber security.

Key Proficiencies

Analytical, Problem-solving, Attention to Detail, Organization, Time Management, Interpersonal, Communication skills

5.4 Vulnerability Assessment Analyst


Basic Job Description

Scans applications and operating systems to identify flaws, and vulnerabilities; and conducts and presents vulnerability assessments on an organization’s networks and systems.

Cyber Security Related Tasks

  • Identify flaws in applications and systems that cyber actors could exploit;
  • Conduct vulnerability assessments of relevant technology (e.g., computing environment, network and supporting infrastructure, and applications);
  • Prepare and present comprehensive vulnerability assessments;
  • Conduct network security audits and scanning;
  • Maintain deployable cyber defence audit toolkit (e.g., specialized cyber defence software and hardware) to support cyber defence operations;
  • Prepare audit reports that identify technical and procedural findings, and make recommendations on corrective strategies and solutions;
  • Conduct and/or support authorized penetration testing on organization networks and systems;
  • Define and review requirements for information security solutions; and
  • Make recommendations on the selection of cost-effective security controls to mitigate risks.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a cyber or IT related field (e.g., Information Technology, Computer Science or equivalent);
  • Certifications an asset: Certified Information Systems Security Professional (CISSP); and
  • Previous training and experience in identity and access management is preferred – 2-3 years of related work experience for entry-level; 5-7 years of experience for advanced-level. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • System and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, structured query language (SQL), malicious code);
  • Penetration testing principles, tools, and techniques;
  • System administration, network, and operating system hardening techniques;
  • Packet analysis using appropriate tools;
  • Risk management processes for assessing and mitigating risks;
  • System administration concepts;
  • Cryptography and cryptographic key management concepts;
  • Conducting vulnerability scans and recognizing vulnerabilities in security systems;
  • Conducting vulnerability/impact/risk assessments;
  • Reviewing system logs to identify evidence of past intrusions;
  • Using network analysis tools to identify vulnerabilities;
  • Using social engineering techniques; and
  • Identifying security issues based on the analysis of vulnerability and configuration data.

Key Proficiencies

Research, Analytical, Attention to Detail, Interpersonal, Communication skills

5.5 Penetration Tester


Basic Job Description

Conducts formal, controlled tests and physical security assessments on web-based applications, networks, and other systems as required to identify and exploit security vulnerabilities.

Cyber Security Related Tasks

  • Complete penetration tests on web-based applications, network connections, and computer systems to identify cyber threats and technical vulnerabilities;
  • Conduct physical security assessments of an organization’s network, devices, servers, systems, and facilities;
  • Develop penetration tests and the tools needed to execute them;
  • Investigate for unknown security vulnerabilities and weaknesses in web applications, networks, and relevant systems that cyber actors can exploit;
  • Develop and maintain documents on the results of executed pentesting activities;
  • Employ social engineering to uncover security gaps;
  • Define and review requirements for information security solutions;
  • Analyze, document, and discuss security findings with management and technical staff; and
  • Provide recommendations and guidelines on how to improve upon an organization’s security practices.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a cyber or IT related field (e.g., Information Technology, Computer Science, Computer Engineering, Computer Forensics or equivalent);
  • Certifications an asset: Global Information Assurance Certification (GIAC); Computing Technology Industry Association (CompTIA) Security+; Offensive Security Certified Professional (OSCP); and
  • Previous training and experience in cyber security role supporting cyber defence, incident or vulnerability management is preferred – 1-3 years of security-related experience for entry-level; 7-10 years of experience for advanced-level. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Cryptography and cryptographic key management concepts;
  • Virtual Private Network devices and encryption solutions;
  • Penetration testing principles, tools, and techniques;
  • Vulnerability assessment and penetration testing methodologies and applications;
  • System and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, structured query language (SQL), malicious code);
  • Network security architecture concepts and principles;
  • Conduct security audits;
  • Develop secure code; and
  • Use reverse engineering techniques.

Key Proficiencies

Research, Analytical, Interpersonal, Communication skills

5.6 Cyber Security Incident Responder/Handler


Basic Job Description

Provides immediate and detailed response activities to mitigate or limit unauthorized cyber security threats and incidents within an organization. This includes planning and developing courses of action; prioritizing activities; and supporting recovery operations and post-incident analysis.

Cyber Security Related Tasks

  • Perform real-time cyber defence incident handling tasks (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation);
  • Conduct triage to identify and analyze cyber incidents and threats;
  • Actively monitor networks and systems for cyber incidents and threats;
  • Conduct risk analysis and security reviews of system logs to identify possible cyber threats;
  • Conduct analysis and review, and/or apply network scanners, vulnerability assessment tools, network protocols, internet security protocols, intrusion detection systems, firewalls, content checkers and endpoint software to detect threats;
  • Collect and analyze data to identify cyber security flaws and vulnerabilities and make recommendations that enable prompt remediation;
  • Develop and prepare cyber defence incident analysis and reporting;
  • Develop, implement, and evaluate prevention and incident response plans and activities, and adapt to contain, mitigate or eradicate effects of cyber security incident;
  • Provide incident analysis support on response plans and activities;
  • Conduct research and development on cyber security incidents and mitigations; and
  • Create a program development plan that includes security gap assessments, policies, procedures, playbooks, and training manuals.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a cyber or IT related field (e.g., Computer Science, Computer Engineering, Computer Forensics or equivalent);
  • Certifications an asset: Global Information Assurance Certification (GIAC); Certified Information Systems Security Professional (CISSP); and
  • Previous training and experience in network security is preferred – 2-3 years of security/incident response experience for entry-level; five years of experience for advanced-level. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • System and application-based security threats and vulnerabilities;
  • Cyber threat actor tactics, techniques, and procedures (TTPs);
  • Malware analysis methodologies, tools and techniques;
  • Cyber security investigations and evidence preservation;
  • Vulnerability assessment basics;
  • Incident management processes, responsibilities and authorities;
  • Incident handling and response methodologies;
  • Incident handling in the cloud and virtualized environments;
  • Incident handling in wireless and mobile device environments; and
  • Business continuity and disaster response basics.

Key Proficiencies

Analytical, Problem-solving, Organizational, Time Management, Interpersonal, Communication skills

5.7 Digital Forensics Analyst


Basic Job Description

Conducts digital forensics to analyze evidence from computers, networks, and other data storage devices. This includes investigating and preserving electronic evidence; planning and developing tools; prioritizing activities; and supporting recovery operations and post-incident analysis.

Cyber Security Related Tasks

  • Perform real-time cyber defence incident investigations (e.g., forensic collections, intrusion correlation and tracking, and threat analysis);
  • Investigate security incidents;
  • Plan forensics analysis activities for cyber incidents;
  • Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defence incidents;
  • Identify and accurately report on digital forensic analysis artifacts;
  • Capture and analyze network traffic associated with malicious activities using network monitoring tools;
  • Contribute to post-analysis on security incidents and make recommendations based on forensics activities;
  • Develop and maintain investigative and technical reports;
  • Provide technical assistance on digital evidence matters to appropriate personnel;
  • Compile evidence for legal cases, and provide expert testimony at court proceedings;
  • Manage digital evidence in accordance with appropriate chain of custody requirements;
  • Identify and manage secure analysis infrastructure/laboratory;
  • Operate digital forensics systems (as required based on function and systems available); and
  • Prepare and review forensics policies, standards, procedures and guidelines.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a cyber or IT related field (e.g., Computer Science, Computer Forensics, Computer Engineering or equivalent);
  • Certifications an asset: Certified Information Systems Security Professional (CISSP); Global Information Assurance Certification (GIAC); and
  • Previous training and experience in IT security analyst or incident response activities is preferred – 1-3 years of forensics experience for entry-level; five years of experience for advanced-level. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Incident response and handling methodologies;
  • Digital forensics methodologies, processes and practices;
  • Anti-forensics tactics, techniques, and procedures;
  • Processes for collecting, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data;
  • Seizing and preserving digital evidence;
  • Applicable laws, regulations, policies and ethics as they relate to investigations and governance;
  • Legal rules of evidence and court procedures, presentation of digital evidence, testimony as an expert witness;
  • System or device specific forensics (e.g. memory, mobile device, network, computer (dead box), etc.);
  • Malware analysis tools and techniques; and
  • Reverse engineering.

Key Proficiencies

Research, Analytical, Attention to Detail, Interpersonal, Communication skills
