Incident Response Lead
Job Summary
Position Description:
This role can be located in any CGI office in Canada.
The Incident Response Lead is part of CGIs Global Security Operations Center (GSOC) which provides 24/7 security monitoring threat detection and incident response capabilities across the organisation.
As a senior member of GSOC the Incident Response Lead is responsible for leading the technical response to complex cybersecurity incidents coordinating investigations and driving containment eradication and recovery activities. Acting as the technical authority during major incidents the role provides Incident leadership in GSOC while ensuring investigations are conducted using industry best practices and forensically sound methodologies.
The Incident Response Lead works closely with Security Monitoring Detection Engineering Threat Intelligence Security Engineering IT Operations and business stakeholders to minimise organisational risk improve incident response capabilities and strengthen CGIs overall cyber resilience.
This role requires extensive experience in cyber incident response digital forensics threat actor tactics techniques and procedures (TTPs) malware analysis enterprise infrastructure and cloud technologies. The successful candidate will combine deep technical expertise with strong leadership communication and decision making skills to manage high impact incidents in a fast paced global environment.
Your future duties and responsibilities:
Key Responsibilities
. Lead the technical response to cybersecurity incidents coordinating containment eradication recovery and post incident activities.
. Conduct advanced investigations across endpoints networks cloud environments identity platforms and enterprise applications to determine root cause attack scope and business impact.
. Perform and oversee digital forensic investigations using industry standard and forensically sound methodologies maintaining appropriate evidence handling and chain of custody.
. Develop and continuously improve incident response plans playbooks procedures and operational standards.
. Conduct malware analysis including static and dynamic analysis and perform basic reverse engineering where required.
. Collaborate with Threat Intelligence Detection Engineering Security Monitoring and Security Engineering teams to improve detection capabilities and operational readiness.
. Provide technical guidance and mentorship across GSOC supporting junior partners professional development.
. Produce high quality technical reports executive summaries and lessons learned following security incidents.
. Identify opportunities to automate investigation workflows and improve the efficiency of incident response operations.
. Participate in an on call rotation providing 24/7 incident response support for high priority cybersecurity incidents.
Required qualifications to be successful in this role:
The candidate should have expertise and strong experience including:
. Minimum of 7 years experience in working in a similar cybersecurity role or associated discipline.
. Demonstrable experience leading complex cyber incident response engagements within enterprise environments.
. Strong knowledge of incident response frameworks methodologies and lifecycle management.
. Extensive understanding of threat actor tactics techniques and procedures (TTPs) and the MITRE ATT&CK framework. . Advanced knowledge of Windows Linux Active Directory Microsoft 365 Azure networking and enterprise security architecture.
. Experience conducting host network cloud and identity investigations.
. Experience using enterprise security technologies including SIEM EDR/XDR NDR and forensic investigation tools.
. Experience performing digital forensic investigations and evidence preservation using forensically sound practices.
. Experience analysing malware using static and dynamic analysis techniques.
. Strong understanding of common attack techniques persistence mechanisms privilege escalation lateral movement and data exfiltration.
. Ability to lead technical teams during high pressure incidents while making effective risk based decisions.
. Excellent communication skills with the ability to explain complex technical concepts to both technical and executive audiences. . Knowledge of insider threat investigations and user behaviour analytics.
. Experience collaborating with legal privacy HR or regulatory bodies during cyber investigations.
. Experience with cloud security investigations across Microsoft Azure Microsoft 365 AWS or Google Cloud Platform.
Qualifications & Certifications
. Bachelors degree in Cyber Security Computer Science Information Technology or a related discipline or equivalent practical experience.
. Relevant industry certifications are desirable including one or more of:
. GIAC Certified Incident Handler (GCIH)
. GIAC Certified Forensic Analyst (GCFA)
. GIAC Reverse Engineering Malware (GREM) . GCFE or GCIA . CISSP . CISM
CGI is providing a reasonable estimate of the pay range for this role. The determination of this range includes factors such as skill set level geographic market experience and training and licenses and certifications. Compensation decisions depend on the facts and circumstances of each case. A reasonable estimate of the current range is $105000$155000 This role is an existing vacancy.
#LI-AB19
Skills:
- Cloud Security Audit
- Collaboration
- Cybersec. Incident Remediation
- English
- Incident Management
- Leadership
- Linux
- Threat Risk Assessment
What you can expect from us:
Together as owners lets turn meaningful insights into action.
Life at CGI is rooted in ownership teamwork respect and belonging. Here youll reach your full potential because
You are invited to be an owner from day 1 as we work together to bring our Dream to life. Thats why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our companys strategy and direction.
Your work creates value. Youll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas embrace new opportunities and benefit from expansive industry and technology expertise.
Youll shape your career by joining a company built to grow and last. Youll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
At CGI we value the strength that diversity brings and are committed to fostering a workplace where everyone belongs. We collaborate with our clients to build more inclusive communities and empower all CGI partners to thrive. As an equal-opportunity employer being able to perform your best during the recruitment process is important to us. If you require an accommodation please inform your recruiter.
That same commitment to fairness extends to how we use technology. To support our recruitment team AI tools may be used to help assess applications though they never replace human judgement. All hiring decisions remain entirely in the hands of our recruitment professionals.
To learn more about accessibility at CGI contact us via email. Please note that this email is strictly for accessibility requests and cannot be used for application status inquiries.
Come join our teamone of the largest IT and business consulting services firms in the world.
About Company
The COMPANY is one of the few end-to-end consulting firms with the scale, reach, capabilities and commitment to meet clients’ enterprise digital transformation needs. Our 77,500 consultants and professionals work side-by-side with clients in 10 industries across more than 400 location ... View more