Cybersecurity Operations Analyst

At McMaster University, our people are our most valuable asset. We strive to attract, develop, and retain talented faculty and staff, and to foster inclusive excellence which values the strengths, perspectives, and contributions of each individual. McMaster’s profile and stature has evolved to one of the Top 70 Universities in the World and we are recognized as Canada’s Most Research Intensive University. McMaster is also recognized as one of the top employers in the Hamilton/Niagara region and has been recognized as one of Canada’s Top Diversity employers in each of 2019, 2020, 2021 and 2022.

About the position

Our University Technology Services team mission is to provide exceptional customer service and a high level of support to the McMaster community. Critical to the success of this role we stand by and value integrity, mutual respect, collaboration and cooperation in support of the University’s IT Strategic Vision of a connected One IT community.

The McMaster IT Security team provides information security services, best practices, and expertise to the McMaster community to maintain the confidentiality, integrity, and availability of information.

Are you the right candidate?

Reporting to the Manager, IT (Security Operations), the Cybersecurity Operations Analyst is responsible for all security operations activities such as triage and escalation, incident response, investigations, detection, monitoring, endpoint protection, and security awareness to mitigate against information security threats and risks.

The Cybersecurity Operations Analyst acts as a technical and consulting resource for complex issues related to various University departments and units with respect to informaiton security systems. Supports the University’s academic and administration departments by acting in a technical capacity in all phases of operations and the project life cycle for small to medium projects and components of large projects, including post-production support and ongoing maintenance pertaining to information security. Continuously gains an understanding of the University's operations and processes and how systems are used in support of those operations. Works under general direction within a clear framework of accountability and exercises substantial personal responsibility and accountability to deliver results to the University.

Required Skills

• 1-3 years of experience working in security operations (SOC).
• 1-3 years of experience with leading and handling security incidents, including incident response triage, escalation, and remediation.
• Security certification such as CIH, CHFI, CSA, SSCP, GCIH, CISSP or other similar security certification.
• Leading security detection, monitoring and analysis activities using security information and event management (SIEM), EDR/XDR and cyber threat intelligence tools.
• Experience investigating and responding to security incidents efficiently and effectively (e.g., compromised accounts, malware, ransomware, vendor breaches, spam, and phishing reports, etc.)
• Experience analyzing indicators of compromise, identifying false positives, blocklisting, sandbox analysis of suspicious artefacts, and malware.
• Experience with Security Orchestration, Automation and Response (SOAR) solutions, low-code/no-code integrations, building dashboards and configuring analysis rules.
• Experience with a variety of security tools and technologies (e.g. EDR/XDR, SIEM, Vulnerability Management, Firewalls, etc.).
• Providing end user support and troubleshooting for multi-factor authentication (MFA).
• Knowledge of cybersecurity frameworks and methodologies such as NIST, OWASP, MITRE ATT&CK, TTPs, OODA Loop, PCI-DSS, etc.
• Experience with Azure and M365 cloud security technologies (M365 Security, Azure Cloud Security, Azure Sentinel, Microsoft Defender for Cloud, Azure Firewalls, Azure SSO, etc.)
• Experience with SSL Certificate Management and Cryptographic Key Management.
• Experience with scripting tools and languages such as PowerShell or python.
• Documentation of information security, best practices, guidelines, procedures, and playbooks.
• Excellent written and verbal communications.

Key Responsibilities

• Provide design and support for technology in server related environments, and information security infrastructure and other related environments.
• Critically evaluate information gathered from multiple sources, reconcile conflicts, decompose high-level information into details, abstract up from low-level information to a general understanding, and distinguish user requests from the underlying true needs.
• Perform advanced levels of analysis, problem solving and research skills to formulate solutions to complex business needs.
• Conduct gap analyses.
• Develop strategies for implementing new services and upgrades on production systems.
• Troubleshoot computer system issues that may require an end-to-end evaluation of University wide systems often spanning multiple heterogeneous hosts and locations across the University and with external service providers.
• Ensure the availability and performance of the current production storage, information processing, and computing environment in assigned and related areas of the organization.
• Test system architecture in order to minimize risks to the production systems.
• Investigate, evaluate, compare, and demonstrate new hardware and software products, and new computing techniques which could enhance the University’s computing, information processing, and information security environment.
• Undertake study and pilot projects to assess and select commercial technology alternatives.
• Provide technical assistance to individual user groups, user support, and operational staff in the introduction and development of specialized systems and services.
• Ensure individuals conform to organizational information processing, use of network, and computing standards through the proper publication and awareness of policies.
• Plan and coordinate the technology refresh for large and complex interconnected systems.
• Contribute to the development of cost and time estimates for the technical architecture components of project implementation.
• Deliver workshops and demonstrate new technologies to campus staff as systems are being implemented.
• Prepare and present training for user support and operational staff through technical seminars and documentation.
• Prepare procedures for restoring systems to full operation after hardware and software component failures on both production and test systems.
• Prepare contingency plans for recovering services and operations after incidents including, but not limited to, power blackouts, water damage, or structural building failures and contribute to the planning and development of disaster recovery scenarios.
• Undertake projects such as performance monitoring and capacity planning to monitor the overall reliability and effectiveness of the computing systems and information processing architecture including storage area networks.
• Design, implement, and document support processes, procedures, and mechanisms that inter-connect heterogeneous systems in support of the integration of processes and data flow.
• Gather and compile information and create reports and graphs for capacity planning, and performance metrics.
• Utilize the appropriate control tools to coordinate small and medium size projects according to Project Management Office methodologies.
• Develop success criteria and risk assessments for small to medium size projects and changes.
• Develop, implement, and document best practices to align with departmental and University strategies and processes.
• Work independently with users to define concepts.
• Ensure that projects meet specified functionality requirements.
• Prepare and review recommendations and other project initiation documents.
• Document system functionality, particularly related to new enhancements.
• Develop and maintain information technology process flow, methodology, and control documentation.
• Assist with the development of project proposals and estimates.
• Resolve problems in the test, production implementation, and post-implementation phases in coordination with other technical and business groups.
• Liaise between the technology and support teams.
• Communicate project, issue, and system status to others.
• Communicate testing results to other stakeholders.
• Facilitate effective dialog between user community and technical staff.
• Interact with and exchange information with colleagues.
• Follow a test script and document defects.
• Work with others to prioritize and schedule issues resolution.
• Plan, schedule, and monitor own work within short time horizons.
• Organize individual time, work and resources to accomplish objectives in the most effective and efficient way.
• Understand and use appropriate methods, tools, and applications to complete work tasks.
• Demonstrate a rational and organized approach to work and identify development opportunities.
• Absorb technical information when it is presented systematically and apply it effectively.
• Use measurement methods to monitor progress toward goal attainment, tenaciously working to meet or exceed those goals, while deriving satisfaction from the process of goal achievement and continuous improvement.
• Ensure that the internal and external customer perspective is a driving force behind decisions and activities.
• Follow service practices that meet customers’ and University needs.
• Interact with others in a way that gives them confidence in one’s intentions and those of the University.
• Work collaboratively with others to achieve departmental and institutional goals. Actively participate as a member of a team to move the team toward the completion of goals.
• Perform a range of varied work activities in a variety of structured environments.
• Successfully engage in multiple initiatives simultaneously.
• Apply and enforce department change control policies and procedures.
• Read and understand a complex project plan and develop simple project plans.
• Remain current with relevant development and project methodologies.
• Remain current with security policies and procedures and work with Security System Administrators to implement security changes.
• Remain current with the different levels of testing and develop simple use cases and test scripts.

Additional Information:

The Cybersecurity Operations Analyst has experience with triage and ticket tools (ServiceNow, PagerDuty, Atlassian Jira, etc.) and with ITIL change management processes.

To apply for this job, please submit your application online.

McMaster University is located on the traditional territories of the Haudenosaunee and Mississauga Nations and within the lands protected by the “Dish With One Spoon” wampum agreement.

The diversity of our workforce is at the core of our innovation and creativity and strengthens our research and teaching excellence. In keeping with its Statement on Building an Inclusive Community with a Shared Purpose, McMaster University strives to embody the values of respect, collaboration and diversity, and has a strong commitment to employment equity.

The University seeks qualified candidates who share our commitment to equity and inclusion, who will contribute to the diversification of ideas and perspectives, and especially welcomes applications from indigenous (First Nations, Métis or Inuit) peoples, members of racialized communities, persons with disabilities, women, and persons who identify as 2SLGBTQ+.

As part of McMaster’s commitment, all applicants are invited to complete a confidential Applicant Diversity Survey through the online application submission process. The Survey questionnaire requests voluntary self-identification in relation to equity-seeking groups that have historically faced and continue to face barriers in employment. Please refer to the Applicant Diversity Survey - Statement of Collection for additional information.

Job applicants requiring accommodation to participate in the hiring process should contact:

• Human Resources Service Centre at 905-525-9140 ext. 222-HR (22247), or
• Faculty of Health Sciences HR Office at ext. 22207, or
• School of Graduate Studies at ext. 23679

to communicate accommodation needs.

To ensure an ongoing and vibrant University community that meets the needs of our students, staff and faculty and supports the University mission, ability to work on-site continues to be a requirement for most University positions. The University is supportive of exploring flexible work arrangements that effectively balance operational needs and employee interests.