Information Security Specialist - Threat Intelligence & Investigations
Homewood, IL

Job Description

ABOUT IT AT CN

CN harnesses the power of information every minute of every day to make better decisions. Almost every aspect of our business relies on technology; this is why CN invests around $100 million every year on IT projects and infrastructure. And with close to 1,000 in-house employees, CN's IT team is more than a first-class technology shop - they're railroaders, dedicated to enabling our people to work better and to helping our trains run safely.

WHY YOU WANT THIS JOB

Safety and security are at the heart of everything we do at CN. The Intelligence & Investigation Specialist will be responsible for coordinating with intelligence teams internal and external to CN, helping build an intelligence network, and contributing to intelligence activities in order to help prepare CN for new threat actors and strategic threats related to information security. These activities include analyzing threats arising from the internal as well as the external environment. These activities will be executed with the purpose of feeding risk management handled by CN's Information Security team. The individual will also handle forensic investigations to collect, analyze and document evidence from CN assets. The individual will report to CN'S INFOSEC TEAM but will be seconded to CN POLICE's Network Security and Intelligence Unit.

The ideal candidate has experience in threat intelligence collection and analysis as well as handling internal investigations when required by CN Police, Internal Audit, CN Law and Human Resources. The individual should have the ability to contribute to CN intelligence, building relationships internally and externally, including with CN Police, DHS, RCMP, FBI and other relevant police forces and intelligence agencies, with the purpose of feeding the CN security program.

RESPONSIBILITIES

* Collaborate with the Canadian counterpart and with CN POLICE for cyber threat management:
* Identify key information sources e.g. open source, commercial, national / international intelligence feeds and develop processes in order to combine and contextualize the intelligence for CN
* Analysis of the collected intelligence and identifying trends
* Developing threat models, including relevant threat scenarios, actors, attack methods and likely targets in order to drive threat simulation and hunting exercises
* Development of threat advisory and flash reports
* Propose appropriate response strategy for identified threats
* Contribute to building information sharing agreements with targeted communities in Canada, North America and Worldwide
* Coordinate with the business units and assigned committees to get the required approvals for incidents information sharing
* Coordinate with the national intelligence to receive early warnings on potential threats against specific industries in the country
* Perform security forensics (preventative and post-event) including managing data collection, analysis, maintaining chain of custody and secure data storage
* Coordinate cyber security incident response activities, working closely with Analysts, Emergency Responders, and SOC personnel from incident inception to close
* Collaborate with operation teams, law enforcement, CN Police, global intel services in response to significant incidents on critical infrastructure and personnel
* Provide feedback on potential improvements to monitoring systems content (such as SIEM use case and correlation rules, coverage, network, or asset models) to the Security Engineer
* Liaise with internal / external stakeholders, vendors and law enforcement during the course of incident response and security forensics
* Receive and manage all forms of Cyber Intel: CSE, CCTX, Open-Source, CN Police, FBI, RCMP, CSIS, DHS, RAN, Interpol, Media, Social Media, Dark-Web, Deep-Web
* Investigation: acquisition and/or analysis of data that is digitally stored on CN assets.
* Managing collected legal hold assets: phones, laptops, tablets.
* Omnicast video extraction approval
* Internet activity reports
* Train and train car user interactions report.
* Phone log retrieval
* Network login/logout reports.
* Address all opportunities for process or tool improvement related to investigations.
* Work with Legal, Internal Audit, CN Police and HR to assist them with issues pertaining to investigations

REQUIREMENTS

* College diploma or university degree in business or information systems or computer science
* Bachelor of Intelligence (Criminology, law or criminal justice or a similar degree / certificate) will be a good asset
* 3-5 years of experience in cyber security and intelligence
* Training intelligence, counter intelligence
* Understanding of incident response
* Ability to interface easily with internal staff at all levels as well as outside authorities such as law enforcement and military
* Understanding of Cyber Intelligence, counter intelligence and Forensic investigations
* Experience in facilitating change, including collaboration with management stakeholders
* Knowledge of operating systems, network technology and SIEM tools
* Knowledge of Intelligence platforms
* Knowledge of Forensics technology/software (e.g. EnCase)
* Strong interpersonal and communication (both written and verbal) skills
* Ability to deal with multiple stakeholders
* Good judgement, values and ethics
* U.S. citizen eligible for a Top Secret security clearance
* Flexibility: travel for periodic training and travel to Montreal HQ
* Adhere to the zero tolerance illegal drug use policy

ASSETS

* GCFA: GIAC Certification Forensic Analyst
* GCFE: GIAC Computer Forensic Examiner
* GCTI: GIAC Cyber Threat Intelligence
* Familiarity and demonstrated understanding of railway industry
* Knowledge of a foreign language.
* CISSP - Certified Information Security Professional

CN is an Equal Employment Opportunity Employer. It is our policy to fill vacant positions with qualified candidates without regard to race, color, sex, religion, national origin, age, or disability, assuming an individual can perform the essential functions of the job with or without accommodation. Only qualified candidates under consideration will be contacted. Please monitor your email on a regular basis, as communication is primarily made through email.
