Identifying and responding to cyber threats - safeguarding our company's infrastructure and data. You will be primarily involved in leading the alert development cycle, triaging and investigating alerts, managing the full incident response lifecycle (investigation, containment, eradication, and recovery) and collecting and tracking metrics for reporting. You will be working alongside internal customers and our vendor support teams to ensure we are utilizing our security tools in accordance with corporate policies and growing business needs. You will work closely with Cybersecurity and IT teams to align priorities and execute plans for new initiatives, as well as drive process improvements and establish documentation for new tools.

Need more details? Keep reading…

You will:

Mentor and elevate the technical capabilities of the SOC team.
Monitor, analyze and report possible cybersecurity attacks.
Investigate and perform analysis of threat indicators.
Gather Indicators of compromise and any relevant data to use with threat hunting activities.
Leverage security tools (Elastic, CrowdStrike and more) for analysis to identify malicious activities.
Analyze identified malicious activity to determine Tactics, Techniques and Procedures.
Conduct research, analysis and correlate gathered data from various resources to determine the impact of the incident.
Lead containment and eradication efforts, making critical decisions during high-severity incidents.
Participate in on-call and hands-on scheduled shift rotations, including outside of business hours.
Lead Security Incident Response and serve as the escalation point for complex investigations across internal teams and 3rd party providers.
Document incident timelines, evidence, and actions taken for post-incident review.
Lead post-incident reviews and drive continuous improvement from lessons learned.
Define and continuously improve the SOC's incident response playbooks, runbooks, and detection strategy.
Design and lead tabletop exercises and IR simulations.
Coordinate and run proactive investigations and threat hunts across corporate environments and detect malicious activities.
Maintain up-to-date understanding of security threats, countermeasures, security tools, cloud security and SaaS technologies.
Set the standard for technical proficiency; evaluate and recommend tools, techniques, and methodologies for the team.
Present investigation, incident response findings and strategic recommendations to senior leadership and executive stakeholders.
Define, own, and report on SOC operational metrics (MTTD, MTTR, alert fidelity) and use data to drive strategic improvements.

So are YOU our next Principal SOC Specialist, Incident Response? You are if you…

8+ years of relevant experience in performing and leading Cybersecurity Incident Response and Threat Hunting activities in a complex incident management or Security Operations Center environment.
Extensive experience designing, implementing, and optimizing detection rules and detection-as-code frameworks.
Demonstrated expertise integrating security tools via APIs for automation, and hands-on experience implementing Security Orchestration, Automation, and Response (SOAR) workflows.
Deep expertise leading complex, multi-vector investigations and incident response using EDR tools such as CrowdStrike Falcon and SIEM tools such as Elastic Security (KQL, ESQL, Timeline analysis).
Advanced experience with forensic triage (disk, memory, network) and multiple operating systems (Mac, Linux, Windows).
Proven track record of designing and maturing SOC processes, playbooks, detection strategies, SIEM correlation rules, and incident reports.
Proven ability to lead incident management for high-severity incidents, with excellent communication under pressure.
Proficiency in programming languages such as Python, JavaScript and others for security automation and tooling development.
Deep understanding of NIST Cybersecurity Framework, MITRE ATT&CK, and ability to apply them to detection engineering and threat modeling.
Comprehensive understanding of security products and device monitoring tools including Firewalls, IDS/IPS, Phishing and e-mail security, content filtering, DDoS, WAF, and more.
Demonstrated experience mentoring and developing technical skills across a security team.
Strong ability to translate technical findings into strategic recommendations for leadership.
Experience with cloud-native security monitoring (GCP, AWS, Azure).

Brownie points if you have...

GCIH, GCED, CCFR, HTB CDSA, GCFA, CHFI, GREM, OSCP, CISSP or similar relevant certifications.

Compensation Information:

Base salary range: $114,143 - $142,679
The final compensation package will be commensurated with the successful candidate's experience, skills, and geographic location (Canada). It includes a comprehensive benefits plan and a competitive incentive (bonus) program for Full-Time Permanent roles.

Sounds like you? Click below to apply!

#LI-Hybrid #LI-MM1

See more open positions at Flexiti Financial

Privacy policy Cookie policy

Communitech Hub

151 Charles Street West, Suite 100,
Kitchener, Ontario, Canada, N2G 1H6

Proud member of Canada's Tech Network

Hours: Monday - Thursday 8:30 a.m. - 5 p.m. ET
Friday 8:30 a.m. - 4 p.m. ET
Phone: +1 (519) 888-9944
Email: front.desk@communitech.ca

Connect with us

Government of Ontario logo

Government of Canada logo

Communitech acknowledges that the Hub is situated on the Haldimand Tract, land that was granted to the Haudenosaunee of the Six Nations of the Grand River, and are within the territory of the Neutral, Anishinaabe, and Haudenosaunee peoples.

To access services in French please email marketinghelp@communitech.ca