Incident Response Specialist
The Financial Crimes Unit (FCU) brings together our Cybersecurity, Fraud and Physical Security capabilities to address the ever-growing and increasingly complex global security environment. It is a highly collaborative effort that greatly enhances BMO's ability to rapidly prevent, detect, respond to, and recover from all security threats. This position offers a unique experience to learn from experienced leaders in the industry, join a team building the 21 st century model for security and helping grow the good by protecting our customers and communities.
The CSOC Incident Response (IR) Specialist is primarily responsible for cyber security investigations and incident handling and will perform security threat analysis of malware, phishing, email and web application attacks. Additionally, the IR Specialist will work with other security teams and various internal teams to contain, remediate and escalate security incidents while making recommendations to knowledge-based platforms, playbooks and assist with identifying operational areas of improvement.
The Incident Response Specialist will be responsible for providing accurate technical input to internal and external forensics teams, Fraud, Case Management, Incident Management, Sr. Technical staff and leadership.
- Lead and coordinate the investigation effort for cyber security incidents from initial escalation through after-action reporting
- Conduct live response analysis, network analysis, log analysis, and malware triage in support of incident response investigation
- Effectively communicate investigative progress, findings, opportunities and challenges to Incident Management team
- Manage intake of incidents and reports from internal customers, using the internal ticketing system in a timely and accurate manner.
- The ability to identify and triage security incidents such as Malware, Phishing and Web Attacks is required.
- Serve as Subject Matter Experts for cyber security incidents in meetings with internal and external teams
- Provide leadership, knowledge transfer and mentoring of junior Security Specialists as part of normal IT and business activities.
- Minimum 4 years of Enterprise Incident Response and/or Security Operations Centre experience
- Minimum 4 years of experience with standard Enterprise-class security stack (Firewall, IDS/IPS, Antivirus, SIEM, Web Proxy, Web Application Firewall)
- Functional knowledge of Cyber Security and Incident Response foundations, theory, terminology (Kill Chain, TTPs, APT, IOCs, etc.)
- >2 years operational experience with Splunk, ELK/Elastic, or similar log aggregation and log analysis platforms
- Completion of relevant Security or Technical certifications including CCNA, GCIH, GREM, GCFA, GCFE, OSCP is preferred.
- Demonstrated experience with Cyber Incident Management programs
- Bachelor's degree or College Diploma in Computer Science, Information Security or other related fields
- Effective investigative skills including: initial inquiry into problem statement/incident leads, analytical approach, hypothesis generation and testing, and creative problem-solving
- Ability to work independently on a variety of assignments with minimal supervision
- Programming/scripting experience is an asset
- Unix/Linux and Windows System Administration experience
- Knowledge of / experience with enterprise security tools including IDS/IPS, Antivirus, SIEM, Firewalls & Logging, and Web Proxy
- Malware, Network, Web, and Forensic analysis skills
- Understanding of the Cyber Kill Chain, APT TTP and Threat Intelligence
- Effective communication skills (verbal and written)
- Excellent organizational skills and strong attention to details
- Ability to prioritize activities based on shifting schedules and demands
- Strong analytical and problem-solving skills within a complex IT environment
We're here to help
At BMO we have a shared purpose; we put the customer at the centre of everything we do - helping people is in our DNA. For 200 years we have thought about the future-the future of our customers, our communities and our people. We help our customers and our communities by working together, innovating and pushing boundaries to bring them our very best every day. Together we're changing the way people think about a bank.
As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one - for yourself and our customers. We'll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we'll help you gain valuable experience, and broaden your skillset.
To find out more visit us at https://bmocareers.com
BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other's differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.