CyberSecurity Engineer - CNI

Job Summary

Collaborate with global cybersecurity teams to monitor investigate and respond to threats across Critical National Infrastructure environments using AlertLogic SIEM Splunk and Arcsight. Analyze high volume security events enhance detection content and support incident handling for Hi Tech clients in a hybrid work model while following day shift operations and ensuring strong cyber resilience.

Responsibilities

• Monitor security events in real time using AlertLogic SIEM Splunk and Arcsight to detect suspicious activity across Critical National Infrastructure environments and Hi Tech platforms
• Analyze correlated alerts to identify genuine security incidents while filtering out noise so that investigation efforts focus on the riskiest threats
• Investigate security incidents end to end by collecting logs reviewing contextual data and documenting clear timelines that support decisive response actions
• Coordinate with incident responders and infrastructure teams to contain threats eradicate malicious activity and validate successful recovery for affected systems
• Develop and refine detection rules and correlation searches in AlertLogic SIEM Splunk and Arcsight to improve alert fidelity and reduce false positives over time
• Create and maintain use cases and playbooks for common attack patterns targeting Hi Tech and Critical National Infrastructure environments to promote consistent incident handling
• Perform root cause analysis on significant incidents and propose pragmatic control enhancements that reduce the likelihood of recurrence and strengthen security posture
• Support vulnerability and configuration review activities by interpreting scan results and log data to highlight exploitable weaknesses in monitored systems
• Collaborate with application cloud and network teams to integrate new log sources into SIEM platforms and validate that events are normalized enriched and searchable
• Document investigation steps findings and corrective actions in case management tools with a high level of clarity that supports audit compliance and knowledge reuse
• Produce concise operational reports and metrics that summarize incident trends tool performance and emerging risks for consumption by technical stakeholders
• Contribute to continuous improvement of SOC workflows by suggesting automation tuning and process refinements that enhance efficiency and analyst experience
• Participate in tabletop exercises and scenario based simulations that validate incident response readiness for Hi Tech and Critical National Infrastructure services
• Assist with user awareness by sharing observed threat patterns and practical security hygiene recommendations that help reduce human related vulnerabilities
• Coordinate with global teams in a hybrid work model to ensure consistent day shift coverage and smooth handover of ongoing investigations where required
• Support adherence to regulatory and industry standards relevant to Critical National Infrastructure by aligning monitoring practices and documentation with policy expectations
• Engage in knowledge sharing sessions to spread expertise on AlertLogic SIEM Splunk and Arcsight so that team capabilities grow collectively over time
• Review new projects and technology changes impacting Hi Tech environments to provide input on logging monitoring and incident response requirements from the outset
• Participate in threat hunting activities by exploring unusual patterns in logs and developing hypotheses that uncover stealthy or previously undetected malicious activity
• Assist in evaluating and testing new security tooling or SIEM features that can improve detection quality analyst workflow and overall cyber defense effectiveness

Qualifications

• Demonstrate practical experience in operating and tuning AlertLogic SIEM for log ingestion correlation and alert triage across complex enterprise environments
• Apply hands on knowledge of Splunk searches dashboards and correlation rules to investigate incidents and deliver meaningful insights from high volume security data
• Utilize working experience with Arcsight content development event schema and use case implementation to support robust and scalable security monitoring
• Bring foundational understanding of cybersecurity principles including network security endpoint protection identity security and incident response lifecycle
• Show exposure to Hi Tech or technology driven business environments where rapid innovation cloud adoption and complex architectures influence threat landscapes
• Communicate technical findings clearly in both written and verbal form to diverse stakeholders so that recommended actions are understood and implemented
• Collaborate effectively in hybrid teams while managing time and tasks independently during day shift operations without the need for frequent supervision
• Display willingness to learn new security tools develop advanced SIEM skills and stay current with evolving threats that affect Critical National Infrastructure and Hi Tech sectors
• Hold a formal degree or equivalent experience in information security computer science or a related discipline that supports analytical and problem solving skills

Certifications Required

Preferred certifications include CompTIA Security Plus or equivalent SIEM focused training such as Splunk Certified Core Power User

À propos de nous

Cognizant (NASDAQ: CTSH) est un concepteur d’IA et un fournisseur de services technologiques. Avec notre gamme de solutions IA full-stack, nous accompagnons nos clients au carrefour de l’investissement dans l’IA et de la valeur ajoutée. Notre grande expertise sectorielle, des processus et de l’ingénierie nous permet de convertir le contexte propre à chaque entreprise en systèmes technologiques amplificateurs du potentiel humain, générateurs de résultats tangibles et garants de l’avantage des acteurs internationaux dans un monde en constante évolution. Découvrez notre méthode sur www.cognizant.com ou suivez @cognizant.

Renseignments suppplémentaires sur l'emploi
Les informations sur la rémunération sont exactes à la date de publication. Cognizant se réserve le droit de modifier ces informations à tout moment, conformément aux lois applicables.

Les exigences linguistiques varient selon les postes, mais nous demandons à tous les candidats d’avoir une connaissance de base de l’anglais afin de faciliter les communications internes à l’échelle de l’entreprise. Pour les postes basés au Québec, une maîtrise de l’anglais est requise puisque vous fournirez des services et collaborerez avec des parties prenantes situées hors de la province, qui ne parlent pas nécessairement le français. 

Cognizant est un employeur souscrivant au principe de l’égalité d’accès à l’emploi. Votre candidature et votre dossier ne seront pas examinés en fonction de la race, de la couleur, du sexe, de la religion, des croyances, de l'orientation sexuelle, de l'identité de genre, de l'origine nationale, du handicap, de l'information génétique, de la grossesse, du statut d'ancien combattant ou de toute autre caractéristique protégée telle que décrite par les lois fédérales, provinciales ou locales.

Si vous avez un handicap qui nécessite un aménagement raisonnable pour rechercher une offre d'emploi ou poser une candidature, envoyiez un courriel à [email protected] avec votre demande et vos coordonnées.