CoreFactor is searching for a Senior Security Analyst on a permanent/full-time basis for a client in the GTA.
This position is hybrid and will require the successful incumbent to be in the office four (4) times per week.
The Opportunity:
The Senior Security Analyst will report to the Cyber Security Operations Manager and play a key role in strengthening and maturing the organization's security operations capabilities. This is an opportunity to provide senior-level expertise across monitoring, detection, investigation and incident response activities while helping advance cybersecurity operations.
This role requires a highly motivated and experienced security professional with strong analytical, technical and problem-solving skills. The successful candidate will bring deep expertise in security monitoring, alert triage, incident investigation, threat detection and containment across endpoint, network, cloud, identity and enterprise platforms. Acting as a senior liaison between technical teams and business stakeholders, this role will be responsible for leading complex investigations, improving detection coverage, supporting incident response activities and communicating security risk in a clear and actionable manner. A strong foundation in security frameworks, attack techniques and operational best practices is essential.
The Role:
Monitor, triage and investigate security alerts and events across SIEM, EDR, email security, identity, cloud and network security platforms.
Lead complex incident investigations, including scoping, containment coordination, root cause analysis and post-incident follow-up activities.
Perform advanced threat hunting and anomaly analysis to identify malicious activity, suspicious behaviour and emerging attack patterns across enterprise environments.
Develop, tune and optimize detection logic, SIEM use cases, correlation rules, playbooks and alerting processes to improve visibility and reduce false positives.
Partner with infrastructure, cloud, networking and application teams to support containment, eradication and recovery activities during security incidents.
Review and analyze endpoint, network, identity and cloud telemetry to assess impact, determine attack paths and support risk-based response decisions.
Support incident response readiness through development and maintenance of investigation procedures, response playbooks, escalation paths and documentation.
Perform threat intelligence review and translate relevant indicators, tactics, techniques and procedures into actionable detection and response improvements.
Coordinate with internal stakeholders and external partners as required during investigations, including evidence gathering, case management and reporting.
Participate in 24x7 incident response support and provide senior-level operational guidance during major security events and escalations.
Identify opportunities to improve SOC processes, detection coverage, automation and analyst workflows to strengthen operational effectiveness.
Collaborate with internal stakeholders and external service providers to strengthen security operations processes, detection coverage and incident response effectiveness.
Requirements
Proven hands-on experience with SIEM, EDR and other enterprise security monitoring platforms such as Microsoft Sentinel, Splunk, Defender XDR or equivalent tools.
Strong knowledge of SOC operations, including alert triage, incident analysis, containment support, case management, escalation and post-incident review.
Experience developing and tuning detections, analytics, correlation rules and response workflows to improve visibility and reduce noise.
Advanced analytical and investigative skills with the ability to interpret logs, telemetry and attacker behaviour across endpoint, identity, cloud, email and network environments.
Strong understanding of attack techniques, adversary behaviour and security frameworks such as MITRE ATT&CK, NIST or equivalent operational models.
Demonstrated ability to balance technical depth with business acumen, communicate investigation findings clearly and support risk-based decisions during security events.
High attention to detail and a strong commitment to producing accurate, concise and audit-ready investigation notes, reporting and recommendations.
Ability to work effectively across Infrastructure, Cloud, Data, Applications and business functions to support security operations, incident response and risk-based decision-making.
Demonstrated ability to build trusted relationships, influence stakeholders and coordinate cross-functional response activities during security incidents and operational escalations.
Strong collaboration and mentoring capabilities with a willingness to support team development and contribute to an open, inclusive and high-performing security operations environment.
Highly organized with the ability to manage competing priorities, coordinate follow-ups and track investigations and security initiatives in a fast-paced environment.
Excellent written and verbal communication skills with the ability to tailor messaging for technical teams, leadership and business stakeholders.
Minimum of 7 years of progressive experience across information security functions such as security operations, incident response, threat detection, threat hunting, digital forensics or security engineering.
Hands-on experience investigating complex security incidents across endpoint, network, identity, email and cloud environments.
Experience leading or coordinating incident response activities, escalations or cross-functional security investigations in a complex enterprise environment.
Experience with modern SOC tooling, case management processes and operational reporting is strongly preferred.
Bachelor's degree in Information Technology, Engineering, Computer Science or a related discipline is preferred.
Professional certifications in Information Security such as GCIH, GCIA, CISSP, Security+, SC-200, SC-900 or equivalent are preferred.
Relevant cloud incident response, threat hunting or digital forensics certifications are considered an asset.
Required Skills:
Post-secondary education in Engineering or a related technical discipline from an accredited college or university.
Knowledge of core development principles (e.g. algorithms and data structures, OOP, design patterns, SOLID principles).
2 years of experience in programming (Python, C#, JavaScript, XML).
Comfortable using relational databases and SQL.
Ability to analyze problems and find solutions.
Ability to work in an industrial environment (i.e. work in a dusty, hot, non-climate-controlled environment with stairs, frequent walking, standing and occasional lifting of material).
Must excel at working independently and in group settings.
Must have an aptitude to multitask effectively.
Experience using a Version Control System (Git).