Security Analytics and Incident Response Analyst

About The Role

We’re looking for a Security Analytics and Incident Response Analyst to join our team for a role to work remotely based in Canada. You will help define and build our threat hunting and security monitoring capability.

What You’ll Be Doing

Reporting to our Product Security Manager, you will:

• Perform a blended threat hunter, security operations, and incident response role for KOHO with a focus on automation.
• Perform and automate threat hunting activities, in conjunction with GenAI, to discover advanced attacks and deviations from normal behaviour.
• Investigate and respond to alerts and threats against KOHO and its users through log analysis, EDR tools, event correlation, and memory dumps.
• Build security monitoring use cases within a SIEM, or similar platform, against the MITRE ATT&CK framework and previous alerts, with an eye towards automating the response. This is for both internal security monitoring and to monitor for the security of KOHO’s users.
• Automate playbooks based on the use cases that you create.
• Conduct and document forensic analyses of security incidents.

Who You Are

• You can demonstrate working knowledge of
  • AWS, in the areas of investigating cloud security, IAM, and network topology.
  • Scripting or implementing automation workflows (i.e. SOAR).
  • SIEMs and/or other large data lakes.
  • System and application security threats and vulnerabilities (e.g. cross-site scripting, SQL injection, race conditions, cover channel, malicious code, buffer overflow).
  • Network traffic capture and analysis.
  • Malware analysis concepts and methodologies.
  • Adversarial TTPs.
  • Python, SQL, SPL
• You have a passion for cyber security, especially within financial institutions.
• You have a passion to act as a curious detective among swaths of data.
• You have the ability to work cross functionally. This is a role where soft skills are important in order to ensure partnerships within and outside KOHO and to communicate the risk back to the organization in a clear and concise manner.
• You are organized and able to confidently track and show the progress of multiple project streams while working on operational tasks.
• Graduates of software engineering, computer science, data science, data analytics or statistics programs and are looking for a career change to cybersecurity should feel confident to apply. The team is happy to coach and train where required.
• Nice to have: Experience in banking fraud and digital threats