In order to meet the growing needs of our customers, we are constantly searching for dynamic, qualified individuals to join the CTC resource team. Currently, there are several career opportunities available at CTC. If you feel you satisfy the qualifications for one of the positions listed on this page, please send your CV to resources@ctcinc.ca identifying the position(s) you are interested in. Qualified individuals will be contacted by our human resources department.
CTC005807 : Detection Engineer
Location : Montreal, Quebec
Field : Security
Position Type : Contract
Starting : April 26, 2021
Ending : April 25, 2022
Resources Required : 1
Position Description

IMPORTANT

English only is OK.

Top 3 skills

  • 3+ years of technical experience with one or more SIEM and UEBA platforms (e.g. Splunk, Elastic, ArcSight, QRadar, LogRhythm, etc)
  • Knowledge of at least one scripting language (Python, Perl, Ruby, etc.) as well as regular expressions.
  • Understanding of various security frameworks and/or methodologies (e.g. MITRE ATT&CK, Cyber Kill Chain, Diamond Model, NIST, etc)

Experience with the following technologies is highly desirable: Splunk, Apache NiFi, Apache Kafka, Tableau, Cloudera, Elastic Stack (Logstash, Elasticsearch, Kibana)

As a Detection Engineer within the Content Team, a candidate is expected to use his/her technical expertise to create detection logic that identifies prioritized threats using logs and security telemetry. You will work collaboratively to implement detections that observe system activity and recognize malicious behavior within multiple SIEM platforms. You would help develop creative and resourceful ways to identify gaps and detect threats while leveraging core OS telemetry such as file system, memory, process, and network activity. You would collaborate with multiple teams and are expected to make significant contributions to the design and implementation of major development projects.

What You Would Do:

  • Build mechanisms that combine multiple detection signals to create higher fidelity threat detections.
  • Develop and/or engineer security detections as code.
  • Analyze the latest attacker techniques and develop approaches to detect them across the company's diverse environments and endpoints.
  • Develop and maintain parsers in connectors to ensure logs are properly organized and normalized.
  • Build automation to improve identification and response time and reduce the impact of incidents.
  • Work cross functionally to perform proactive Threat Hunting and Purple Teaming.
  • Participate in various meetings such as daily stand-ups, project reports and status calls, etc.

Required Skillsets:

  • 3+ years of technical experience with one or more SIEM and UEBA platforms (e.g. Splunk, Elastic, ArcSight, QRadar, LogRhythm, etc)
  • Knowledge of at least one scripting language (Python, Perl, Ruby, etc.) as well as regular expressions.
  • Understanding of various security frameworks and/or methodologies (e.g. MITRE ATT&CK, Cyber Kill Chain, Diamond Model, NIST, etc)
  • Experience with the following technologies is highly desirable: Splunk, Apache NiFi, Apache Kafka, Tableau, Cloudera, Elastic Stack (Logstash, Elasticsearch, Kibana)
  • Host level detection with tools such as Auditbeat, Osquery, EDR or Sysmon
  • Working knowledge of Git, JIRA, Jenkins, Docker, Kafka and other Agile CI/CD tooling, as well as Kanban boards.
  • Ability to work independently with minimal direction; self-starter/self-motivated.

Valid certification or accreditation such as SANS or CISSP is NOT mandatory. Showing how the candidate's experience gives them the ability to perform the functions of the role is mandatory.