
SOC Analyst, Canada
Posted 10 hours ago
This is a fully remote position, open to applicants in Canada.
Responsibilities:
• Monitor and triage alerts and detections across SIEM, EDR/XDR, identity, email, network, and cloud telemetry for our managed client base, assigning a severity and performing initial enrichment for every alert handled.
• Conduct thorough investigations of suspicious activities from validation to root-cause analysis, employing knowledge of attacker tactics, the MITRE ATT&CK framework, and the cyber kill chain to arrive at confident, well-supported conclusions.
• Execute documented response playbooks to contain threats, including isolating hosts, disabling compromised accounts, blocking indicators, resetting credentials, and coordinating handoffs with client and engineering teams.
• Collaborate with Detection Engineering to minimize noise and false positives while proposing, testing, and deploying new analytics, automation, and SOAR playbooks to enhance the SOC's efficiency and accuracy.
• Maintain audit-grade documentation throughout each case, recording notes, timelines, and customer communications clearly in the ticketing and case-management system.
• Consistently achieve triage, investigation, and notification SLAs while ensuring high accuracy, low false-positive rates, and strong client satisfaction across the portfolio.
• Promote continuous improvement of the SOC by incorporating lessons learned into detections, playbooks, runbooks, and knowledge-base articles in collaboration with SOC Leadership and Detection Engineering.
• Work during an assigned shift (Day, Swing, or Night) within a 24x7 rotation — including weekends and holidays as scheduled — and respond to on-call escalations when necessary.
Requirements:
• A minimum of one year of experience in an IT security role, or in an IT support role with significant security responsibilities.
• Proficient knowledge of essential security concepts: TCP/IP, common protocols, fundamentals of Windows and Linux, Active Directory / Entra ID, basic cloud knowledge (Azure / AWS / GCP), and prevalent attacker techniques.
• Familiarity with at least one SIEM and one EDR/XDR platform; comfortable creating or modifying basic queries (KQL, SPL, or similar).
• Proven ability to communicate effectively and collaborate within a diverse, high-performance team environment, demonstrating a strong commitment to customer service.
• Candidates must be willing to undergo a background check.
Benefits:
• Health insurance
• Flexible work arrangements
• Paid time off
• Professional development