Regional Incident Response Manager, GSOC

Category: Cyber Security Consulting
City: Victoria, British Columbia, Canada
Position ID: J1020-1122
Employment Type: Full Time

Position Description

CGI is more than just an IT consulting company; we are a global organization offering a world of opportunities. Become part of an outstanding culture that gives you the freedom to innovate, influence decisions, achieve your full potential, and chart your own career! Our benefits include a share purchase program, profit sharing, wellness credits, training and development programs and flexible work schedules.

The Regional Incident Response Manager is an integral part of the Global SOC which conducts cyber research, threat hunting, incident response, forensics analysis, red team operations, malware reverse engineering and innovations for CGI. This critical role requires a detailed understanding of cyber security and in-depth knowledge of computer networking fundamentals, modern threats and vulnerabilities, attack methodologies, threat actors and forensics methodologies and tools. This position is responsible for leading and conducting highly technical incident response engagements, setting the incident response plan, and collaborating with GSOC team in the correct application of incident response processes within CGI. If you are a highly effective communicator who thrives in a fast-paced, dynamic environment, this could be the perfect opportunity for you!

Your future duties and responsibilities

Incident Response:
• Provide technical leadership and conduct incident response engagements
• Develop incident response strategies, paying particular attention to industry standard methodologies and advances in technology and cyber security
• Perform sophisticated digital forensic, host-based or network analysis during an investigation
• Act as the senior subject matter expert during security incidents
• Work closely with other teams to provide mitigation recommendations to reduce the overall security risk within the organization
• Provide suggestions and feedback to improve the overall capabilities of the SOC team
• Handle incidents until resolution
• Perform basic reverse engineering on malware using dynamic and static analysis

• Perform forensic collection of endpoint or network evidence with forensically sound procedures, document evidence handling with chain-of-custody procedures, and conduct forensic investigations to industry standard methodologies
• Perform advanced “Threat Hunting" for unknown cyber security events in order to find, identify and categorize advanced cyber threats

• Monitor alerts generated and escalated by GSOC monitoring technologies or Level 2 / 3 Analysts
• Research trends in new security threats, technologies and regulations; advise and train team members to maintain awareness
• Monitor automated tool output and conduct spot checks for accuracy

• Conduct preliminary incident triage according to the Security Incident Management Triage Matrix and set the priority accordingly
• Determine and classify the severity of alerts; assess potential impacts of classification as defined in knowledge base
• Validate triage conducted by Level 2 / 3 Analysts and automated tools
• Report potential security incidents
• Analyze and respond to security events and incidents from monitoring technologies or escalated by Level 2 / 3 Analysts
• Mentor Level 2 / 3 Analysts; review and advise on standard operating procedures and training documentation
• Work with CGI’s ITSM system during incident handling and triage innovation
• Develop, build and integrate internal tools to augment and automate capabilities of the Global SOC to detect, respond and mitigate cyber security threats
• Conduct research within the fields of Incident Response, Forensics and Threat Hunting to develop new strategies against threats

• Provide strong technical leadership and guidance to Level 2 / 3 Analysts
• Train and mentor Level 2 / 3 Analysts to improve their technical skills
• Review, modify and create the standard operating procedures used by Level 2 / 3 Analysts

Required qualifications to be successful in this role

• Minimum of 6 years’ experience working in a similar cyber security role
• Recognized Cyber Security professional within forensics, incident response or threat hunting
• Demonstrable experience leading incident response engagements and teams
• SME in at least two of the following areas:
• Advanced Threat Hunting
• Malware Analysis
• Reverse Engineering

Education & Certifications:
• Degree in IT Security, Engineering or Technology related fields
• Proven certifications in cyber security related disciplines. (e.g. SANS)
• Certified in Incident Response and/or Forensics


What you can expect from us

Build your career with us.

It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.

At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.

Be part of building one of the largest independent technology and business services firms in the world.

Learn more about CGI at

No unsolicited agency referrals please.

CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodations for people with disabilities in accordance with provincial legislation. Please let us know if you require a reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs.