Cyber Security Analyst

**Job Summary**

As a Cyber Security Analyst, you will be the first line of defense in identifying and responding to threats across BMO's global infrastructure. You'll monitor security systems, triage incidents, and collaborate with cross-functional teams to protect our digital assets. This role operates in a global 24/7/365 environment and seeks to continuously improve operational effectiveness.

**Key Responsibilities**

**Monitoring & Detection**
- Continuously monitor for and investigate security events using industry-standard case management and SIEM tools.
- Analyze data from various sources to contextualize events with the goal of identifying potential security threats, vulnerabilities, and patterns of malicious activity.
- Provide recommendations for improving security monitoring and detection capabilities based on alert analysis and emerging threats.
- Ensure that security monitoring and triage activities align with industry standards, regulations, and best practices.

**Incident Response**
- Triage and investigate security events to determine their validity and impact, classifying incidents according to severity levels.
- Maintain detailed records of security investigations, contextual analysis, and triage procedures in the form of journal entries within cases.

**Collaboration & Reporting**
- Collaborate with other security teams, such as incident management, threat intelligence, and insider threat to escalate and manage security incidents effectively.
- Create of update documentation of procedures and processes.
- Communicate effectively both verbally and in writing with end users.
- Build effective relationships with internal/external stakeholders.
- Collaborate with internal and external stakeholders to deliver on business objectives and support operational activities for Cyber Security

**Continuous Improvement**
- Provide recommendations for improving security monitoring operations via enhanced automation and process efficiency.
- Leverage data to support communication of ideas and opportunities.
- Provide input into the planning and implementation of operational programs.
- Identify opportunities to strengthen the capability of the Cyber Security organization at BMO, such as mentoring and sharing expertise.
- Stay abreast of industry technical and business trends through participation in professional associations, practice communities, and individual learning.
- Think creatively and propose new solutions.
- Exercise judgement to identify, diagnose, and solve problems within given rules.
- Work mostly independently.
- Broader work or accountabilities may be assigned as needed.

**Role Differentiators**
- Exposure to myriad Cyber Security tools. Defense in-depth design creates exposure to many industry-leading solutions.
- Global operations. Coworkers distributed across the globe in our Follow-The-Sun model allow for rich learning experiences when collaborating.
- Culture that champions employee ideas with a goal to consistently improve operational effectiveness and reduce cyber risk.
- Opportunities for career growth into Incident Response, Threat Intelligence, or other Financial Crimes Unit roles.

**Education, Experience & Skills**

**Education & Certifications**
- Post-secondary degree in Business, Computer Science, or a related field, or equivalent combination of formal training and work experience.

**Experience**
- Up to 4 years of relevant experience in information security or with systems and computer operations.
- Experience in areas such as Identity & Access Management, Vulnerability and Configuration Management, Threat Intelligence, IT operations, Certification & Key Management, Security Platform Administration, or Security Incident Response.

**Skills & Competencies**
- Strong analytical and problem-solving skills.
- Effective verbal and written communication skills.
- Collaboration and team skills.
- Scripting and coding skills leveraging one or more languages (e.g., Python, PowerShell, Bash).
- Familiarity with SIEM platforms (e.g., Splunk, QRadar).
- Understanding of MITRE ATT&CK framework.
- Experience with cloud security (AWS, Azure, GCP).
- Knowledge of information security support and operations concepts, practices, and technologies.
- Understanding of the technical and business environment and corporate processes and procedures.