Permanent : Full Time We generate more than just power for the people of Saskatchewan. We also offer some of the best jobs in the province. Our challenging careers will help you grow, while being surrounded by a team committed to safety, openness, collaboration and accountability. We offer highly competitive salaries and benefits packages to our employees. If you're someone who thrives in a team environment and doesn't shy away from a good challenge, join us Apply no later than 05/28/2025 to be considered for this opportunity. This position falls within the requirement for Personnel Risk Assessment to meet compliance requirements of NERC:CIP (North American Electric Reliability Corporation Critical Infrastructure Protection). A Criminal Record Check must be valid and/or completed prior to being appointed to this position and then on a recurring basis every seven (7) years. JOB SUMMARY: SaskPower is seeking an individual experienced in security analysis and incident response to support daily operations and help grow and mature our Enterprise Security team. This office position is located in Regina, Saskatchewan. As a Cyber Security Specialist you are a continuous learner, who will be responsible for evolving new detection methodologies, participating in threat actor investigations, and providing expert support to incident response and Security Orchestration, Automation and Response (SOAR) monitoring functions. The focus of the Cyber Security Specialist is to detect, disrupt, and eradicate cyber security threats. The position uses data analysis, threat intelligence, and cutting:edge Cloud and on:premise security technologies. As a member of a team, you will support the Enterprise Security team by applying analytic and technical skills to investigate intrusions, identify malicious activity across Cloud, email, network, and endpoint environments, and perform incident response. KEY ACCOUNTABILITIES: :General SIEM/SOAR monitoring, analysis, response to various types of cyber security alerts/incidents. :Experience in building custom detection logic and automating response workflows within SOAR platforms. :Conduct analysis of network traffic and host activity across a wide array of technologies and platforms :Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end:user interviews, and remediation efforts :Compile approved detailed investigation and analysis reports for business, and delivery to management :Maintain knowledge of various threat actors and associated tactics, techniques, and procedures (TTPs). :Analyze network traffic, IDS/IPS/DLP events, packet capture, and FW logs. :Analyze malicious campaigns and evaluate effectiveness of security technologies. :Develop advanced queries and alerts to detect adversary actions. Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed. :Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting:edge security technologies. :Lead response and investigation efforts into advanced/targeted attacks, including email threats/campaigns. :Provide expert analytic investigative support of large scale and complex security incidents. KNOWLEDGE/SKILLS/ABILITIES: :5+ years of relevant and documented cyber security experience in IT Security, Incident Response, email and network security. :Considerable experience with the incident response process, including detecting advanced adversaries using Splunk and/or Azure / Microsoft Security tools. :Strong analytical and investigation skills and active threat hunting and adversary tracking. :Working knowledge of security architectures, devices and threat intelligence consumption and management within Cloud, network, email and endpoint. :Working knowledge of root causes of malware i