
Senior IT Security Analyst

Kinross Gold Corporation

Toronto

Hybrid

CAD 100,000 - 140,000

Full time

30+ days ago

Job summary

A leading gold mining company seeks a Senior IT Security Analyst in Toronto to lead cybersecurity initiatives focusing on incident response, endpoint protection, and compliance. The role involves designing security solutions, mentoring junior team members, and integrating AI technologies to enhance security. Ideal candidates have a degree in Computer Science or Information Security and substantial experience in cybersecurity and risk management.

Qualifications

  • Minimum 8 years of hands-on progressive experience in information security.
  • Experience with SIEM tools, incident response, and cloud security.
  • Strong analytical skills with attention to detail.

Responsibilities

  • Lead cybersecurity initiatives focused on incident response and security monitoring.
  • Mentor junior analysts and conduct security awareness training.
  • Develop and enforce IT security policies and manage 3rd party risk assessments.

Skills

Cybersecurity
Incident Response
Endpoint Security
Cloud Security
AI Integration
Scripting
Communication
Leadership

Education

Bachelor's or Master's degree in Computer Science or Information Security

Tools

SIEM tools (e.g., Splunk)
Endpoint protection platforms (e.g., EDR, antivirus)

Job description


Hybrid Work Environment (3 days in office, 2 days remote with flexible hours)

Dress Code: Business Casual

Location: Downtown Toronto, outside of Union Station (TTC & GO accessible)

A Great Place to Work

Job Description

The Senior IT Security Analyst will be the technical lead for cybersecurity initiatives with a focus on incident response, endpoint protection, security event monitoring, and identity & access management. This role plays a critical part in safeguarding the organization’s IT infrastructure, detecting and mitigating threats, and ensuring compliance with security standards. Beyond day-to-day operations, you'll be a strategic thinker, proactively identifying and mitigating risks, leading incident response, and mentoring junior team members. You'll contribute significantly to shaping the organization's security posture and culture in an increasingly AI-driven threat landscape.

This is a fantastic opportunity to participate in an exciting journey of modernizing our IT Security practices and technologies, where you'll be instrumental in leveraging cutting-edge AI and Cloud Computing to build a truly resilient defense. If you're passionate about staying ahead of evolving threats, leading strategic initiatives, and mentoring the next generation of security professionals, then this role offers the perfect platform for your expertise and ambition.

Job Responsibilities
  • Leadership and Strategy:
    • Help design and implement robust security solutions that align with business goals and the evolving threat landscape.
    • Contribute to the continuous improvement of security architecture, recommending new technologies and services.
    • Act as a security lead on corporate projects, ensuring proper security controls are integrated from inception.
    • Mentor and support junior analysts, serving as a primary escalation point for complex security issues.
    • Conduct security awareness training for staff, fostering a security-conscious culture.
  • Cloud Security Architecture & Strategy: Lead the design, implementation, and continuous improvement of security controls and best practices for our cloud platforms, e.g. Azure. This includes securing IaaS, PaaS, and SaaS deployments and integrating cloud security into the overall enterprise security architecture.
  • Incident Response: Lead investigations of cybersecurity incidents, perform root cause analyses, and recommend corrective actions. Develop and maintain incident response playbooks, and coordinate remediation efforts, potentially during off-hours.
  • Endpoint Security: Manage and optimize endpoint protection platforms (e.g., EDR, antivirus, DLP) across the enterprise. Conduct in-depth vulnerability assessments and penetration testing, recommending and tracking remediation efforts.
  • Security Monitoring and Threat Hunting: Configure, monitor, and analyze logs from SIEM tools such as Splunk to detect suspicious activity and generate reports. Proactively hunt for threats, utilizing SIEM & security tools to analyze logs and identify anomalies.
  • Identity and Access Management (IAM): Oversee IAM processes, enforce access controls, and ensure proper provisioning and deprovisioning of user accounts. Oversee and enforce robust access controls within cloud environments, including the management of cloud-native IAM services. Ensure proper segmentation, least privilege principles, and secure access for both human and machine identities.
  • Risk Assessment and Management: Conduct comprehensive security risk assessments and vulnerability scans. Articulate the impact of control gaps to the business and assist in developing and executing mitigation and remediation plans.
  • 3rd Party Risk Management: Conduct Cloud Security Assessments for SaaS and PaaS platforms to ensure vendors are meeting the minimum security requirements prior to deployment. Conduct security assessments for end-user software and desktop applications.
  • Policy and Compliance: Develop and enforce IT security policies, standards, and procedures in alignment with industry best practices and regulatory requirements (e.g., GDPR, NIST, ISO 27001). Participate in internal and external security audits.
  • AI-Driven Security Integration & Oversight:
    • Leverage AI for Enhanced Threat Detection: Proficiently use AI-powered tools like Next-Generation SIEM and XDR to analyze vast volumes of data, detecting subtle anomalies and complex attack patterns that traditional methods might miss. Understand how AI reduces alert fatigue by prioritizing critical threats.
    • Automate Routine Tasks with AI: Identify and implement opportunities to automate security processes, such as alert triage and initial incident investigation, using AI and scripting.
    • Stay Current with AI-Powered Threats: Research and understand how attackers utilize AI (e.g., for sophisticated phishing, polymorphic malware) to inform defensive strategies.
    • Contribute to Autonomous SOC Vision: Explore leveraging AI to develop automated security playbooks, moving towards a more predictive and self-healing security posture.
  • Collaboration: Work closely with other IT teams to ensure security is embedded throughout the organization. Effectively communicate complex security concepts to both technical and non-technical stakeholders, including senior management.
Education and Experience
  • Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
  • Minimum 8 years of hands-on progressive experience in information security, with a strong background in:
    • Cybersecurity incident detection and response, including leading investigations and forensic analysis.
    • Endpoint security technologies (e.g., Cisco Secure Endpoint, Forcepoint SSL Decryption, Sophos, Trellix EDR).
    • SIEM tools, specifically Splunk (including advanced use of SPL).
    • Identity and Access Management systems (e.g., Entra ID, Saviynt, SailPoint).
    • Network security, cloud security principles (AWS, Azure, GCP), and secure software development lifecycle (SSDLC).
  • Deep understanding of cybersecurity frameworks (NIST, ISO 27001, CIS Controls).
  • Experience with scripting and automation (e.g., Python, PowerShell, Regex) is a strong plus, particularly for integrating with security tools and AI-driven processes.
  • Advanced knowledge of security technologies including firewalls, IPS/IDS, EDR, IAM, web/message filtering, and encryption.
  • Up-to-date knowledge of the latest security threats, countermeasures, and emerging cybercrime trends, with an emphasis on AI-driven attack methodologies.
At least one of the following is required:
  • A certificate from (ISC)²
  • Preferred: CISSP - Certified Information Systems Security Professional
  • A certificate from SANS
  • CEH - Certified Ethical Hacker
  • Bonus: Splunk certifications (e.g., Splunk Certified Power User, Splunk Certified Enterprise Security Admin)
  • Strong analytical and problem-solving skills, with the ability to perform root cause analysis for complex security incidents.
  • High attention to detail and critical thinking, particularly in dissecting security incidents and evaluating AI outputs.
  • Excellent communication skills (written and verbal), with the ability to articulate complex technical concepts to diverse audiences, including executive leadership.
  • Ability to work independently, manage multiple priorities, and lead security initiatives.
  • Strong leadership and mentoring abilities, with a commitment to developing junior team members.
  • Proactive and adaptive mindset, especially in response to evolving cybersecurity threats and advancements in AI.