
SOC Analyst, Canada
Posted 18 hours ago

• Continuously monitor and assess alerts and detections across SIEM, EDR/XDR, identity, email, network, and cloud telemetry for our managed clients, applying severity classification and initial enrichment to every event you engage with.
• Conduct thorough investigations of suspicious activities from validation and pivoting to root-cause analysis, utilizing knowledge of attacker methodologies, the MITRE ATT&CK framework, and the cyber kill chain to arrive at confident, well-supported conclusions.
• Execute documented response playbooks to contain threats, including isolating hosts, disabling compromised accounts, blocking indicators, resetting credentials, and coordinating handoffs to client and engineering teams.
• Collaborate with Detection Engineering to minimize noise and false positives, as well as to propose, test, and deploy new analytics, automations, and SOAR playbooks that enhance the SOC’s speed and accuracy.
• Maintain audit-grade documentation throughout each case, meticulously capturing notes, timelines, and customer-facing communications in the ticketing and case management system.
• Consistently achieve triage, investigation, and notification SLAs while upholding high accuracy, low false-positive rates, and strong client satisfaction across the portfolio.
• Promote continuous improvement of the SOC by incorporating lessons learned back into detections, playbooks, runbooks, and knowledge base articles in collaboration with SOC Leadership and Detection Engineering.
• Work during an assigned shift (Day, Swing, or Night) within a 24x7 rotation — including weekends and holidays as scheduled — and respond to on-call escalations when necessary.
• One or more years of experience in an IT security role or IT support role with substantial security responsibilities.
• Solid grasp of fundamental security concepts: TCP/IP, common protocols, Windows and Linux basics, Active Directory / Entra ID, cloud (Azure / AWS / GCP) essentials, and prevalent attacker techniques.
• Familiarity with at least one SIEM and one EDR/XDR platform; comfortable writing or modifying basic queries (KQL, SPL, or similar).
• Proven ability to communicate effectively and collaborate within a diverse, high-performance team environment, along with a strong dedication to customer service.
• Candidates will be required to undergo a background check.
• Health insurance
• Flexible work arrangements
• Paid time off
• Professional development