
UEBA Analyst

Toronto, ON
Full Time
7 days ago
302 Bay Street

Job Family Group:

The Financial Crimes Unit (FCU) brings together our Cybersecurity, Fraud and Physical Security capabilities to address the ever-growing and increasingly complex global security environment. It is a highly collaborative effort that greatly enhances BMO's ability to rapidly prevent, detect, respond to, and recover from all security threats. This position offers a unique experience to learn from experienced leaders in the industry, join a team building the 21st century model for security and helping grow the good by protecting our customers and communities.

BMO Information Security Technical Investigations is looking to hire an experienced information security professional to support the Bank's Insider Threat Monitoring capabilities specific to User Entity Behavior event correlation and analytics. This exciting role involves working in a 24x7 operations team to monitor, tune, analyze and investigate alerts from the UEBA platform and taking appropriate actions to reduce information security risks by working with various business units within the enterprise.
BMO IS Insider Risk Management is a team that focuses on addressing information-security-based insider risks at the Bank from employees and contractors via various technical means (DLP, UEBA, Digital Forensics, Program management). We are part of a 24x7 operations team that monitors alerts from various IS tools and helps enforce the Acceptable Use Standard at the Bank.

You must be comfortable working in shifts, which can include the following:

7am-3pm, 8am-4pm, 9am-5pm, 10am-6pm, and 2pm-10pm

Responsibilities:
  • Monitors, restores service, changes, supports and handles day-to-day activities 7/24/365 required to run the mission critical Information Security systems for BMO. Provides responsive customer service in support of cyber security.
  • Builds effective relationships with internal/external stakeholders.
  • Anticipates and reduces complexity for others.
  • Provides input into the planning and implementation of operational programs.
  • Develops and documents procedures and processes, conforming to the industry best practices and Bank's security regulations, policies and standards.
  • Assists in the preparation of end user materials.
  • Gathers and documents requirements for use in various audits, reports, & projects.
  • Monitors & maintains security tools and applications.
  • Creates activity reports for security tools and applications.
  • Collaborates with internal and external stakeholders in order to deliver on business objectives and to support operational activities for Information Security.
  • Develops an understanding of organizational interactions and complexity to engage with the appropriate matrix areas.
  • Actions service requests, transactions, queries etc. within relevant service level agreements.
  • Coordinates and facilitates incident management activities. Includes deploying changes to the production environment and engaging 3rd party providers contracted to the Bank during an incident.
  • Recommends approaches or changes to streamline and integrate security processes and systems in the organization, while considering Information Security methodology to improve overall efficiency.
  • Provides technical Information Security subject matter expertise.
  • Identifies opportunities to strengthen the capability of the Information Security organization at BMO, such as: sharing expertise to promote technical development and mentoring employees.
  • Stays abreast of industry technical and business trends through participation in professional associations, practice communities and individual learning.
  • Ensures consistent, high quality practices/work and the achievement of business results in alignment with business/group strategies and with productivity goals.
  • Focus is primarily on business/group within BMO; may have broader, enterprise-wide focus.
  • Exercises judgment to identify, diagnose, and solve problems within given rules.
  • Works independently on a range of complex tasks, which may include unique situations.
  • Broader work or accountabilities may be assigned as needed.

Required Qualifications:
  • Ability to identify, collect, interpret and respond to evidence from a variety of security technologies and intelligence/data gathering sources
  • 1-2 years' experience working as a SOC analyst with User and Entity Behavior Analytics tools such as Splunk UEBA, Exabeam, etc.
  • Recent hands-on experience with a SIEM (Security Information and Event Management) log management platform
  • Strong knowledge and experience with basic networking principles / TCP-IP troubleshooting
  • Basic knowledge of Splunk scripting, Python, and PowerShell, and a decent scripting background to automate / parse complex data types
  • Ability to conduct real-time analysis and correlation on User and Entity Behavior analysis events
  • Knowledge of common UEBA platforms in the market and how they operate
  • Ability to work independently and manage one's time
  • Typically between 2 - 4 years of relevant experience and post-secondary degree in Business or Computer Science, or a related field of study or an equivalent combination of formal training, or industry / technical certifications or work experience.
  • Preference for candidates who have or are pursuing at least one certification in a related field, with strong preference for Information Security certifications from a well-recognized institution (e.g. (ISC)2, ISACA, SANS).
  • Experience in Information Security or with multiple areas of systems and computer operations (e.g. Identity & Access Management, IT operations, Certification & Key Management, Security Platform Administration, Security Incident Response).
  • Understanding and problem solving ability of information security issues within their business group - In-depth.
  • Partnering, communication, and negotiation skills to communicate effectively within the team and with technology and business partners - Working.
  • Understands the scope of complexity that exists in the operating environment and the ways which security platforms impact that environment.
  • Knowledge of Information Security support and operations concepts, practices, and technology obtained through formal training and work experience.
  • Knowledge of Information Security processes, procedures and controls - In-depth.
  • Knowledge of the technical and business environment and the corporate processes and procedures - In-depth.
  • Technical proficiency gained through education and/or business experience.
  • Verbal & written communication skills - In-depth.
  • Collaboration & team skills - In-depth.
  • Analytical and problem solving skills - In-depth.
  • Influence skills - In-depth.
  • Data driven decision making - In-depth.

We're here to help

At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.

As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one - for yourself and our customers. We'll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we'll help you gain valuable experience, and broaden your skillset.

To find out more visit us at .

BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other's differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.
Information Technology