Cybersecurity Analyst
Share
Job Location:
Mississauga - Canada
Yearly Salary:
$ 115000 - 138000
Posted on:
10 days ago
Vacancies:
1 Vacancy
Job Summary
Role Summary
We are seeking a Contract Security Analyst with hands-on experience across Netskope SSE Microsoft Purview (full DLP) Microsoft Defender and Arctic Wolf MDR. This role blends security operations incident response and data loss prevention engineering supporting both daytoday alert handling and continuous improvement of detection and data protection controls.
The analyst will act as a key technical partner to internal IT teams and the Arctic Wolf SOC helping reduce risk improve signal quality and ensure strong visibility and control over cloud usage and sensitive data.
We are seeking a Contract Security Analyst with hands-on experience across Netskope SSE Microsoft Purview (full DLP) Microsoft Defender and Arctic Wolf MDR. This role blends security operations incident response and data loss prevention engineering supporting both daytoday alert handling and continuous improvement of detection and data protection controls.
The analyst will act as a key technical partner to internal IT teams and the Arctic Wolf SOC helping reduce risk improve signal quality and ensure strong visibility and control over cloud usage and sensitive data.
Key Responsibilities
1. Security Monitoring Investigation & Incident Response
- Monitor triage and investigate security alerts originating from:
- Arctic Wolf MDR
- Microsoft Defender (Endpoint Identity Office 365 Cloud Apps)
- Netskope SSE (SWG CASB ZTNA Threat Protection DLP)
- Perform incident response activities including:
- Alert validation scoping and root-cause analysis
- Endpoint identity cloud and SaaS activity investigation
- Containment actions (account suspension device isolation session revocation policy enforcement)
- Work closely with Arctic Wolf on:
- Case escalations and response coordination
- Validation of detections and recommended actions
- Produce clear incident documentation including:
- Timelines affected assets impact assessment and remediation steps
2. Detection Engineering & Alert Tuning (NonSIEM)
- Tune and optimize detections and policies directly within:
- Microsoft Defender portals (no Sentinel)
- Netskope security and DLP policies
- Arctic Wolf escalation criteria and response workflows
- Reduce alert fatigue by:
- Eliminating false positives
- Aligning severity with business impact
- Improving investigation context and signal fidelity
- Contribute to detection coverage for:
- Identity compromise and OAuth abuse
- Malware ransomware and lateral movement
- Risky SaaS usage and anomalous cloud behavior
- Data exfiltration and policy violations
3. Data Loss Prevention & Information Protection
- Administer and enhance Microsoft Purview Information Protection and DLP including:
- Sensitivity labels and label policies
- DLP policies across Exchange SharePoint OneDrive and Teams
- Alert triage and incident follow-up for DLP eventsup for DLP events
- Design implement and tune Netskope DLP:
- Inline and at rest controls across web and cloud appsrest controls across web and cloud apps
- Classification fingerprinting and structured/unstructured data detection
- Partner with business and privacy stakeholders to:
- Translate data protection requirements into enforceable controls
- Implement exception handling and user education workflows
- Balance risk reduction with business usability
- Track and report on DLP effectiveness and trends
4. Netskope SSE Platform Operations
- Support the full Netskope SSE stack including:
- Secure Web Gateway (SWG)
- CASB (managed and unmanaged apps)
- ZTNA
- Threat Protection
- DLP
- Monitor policy health coverage and enforcement effectiveness
- Identify and remediate gaps in visibility control or logging
- Support investigations involving risky apps shadow IT and cloud misuse
5. Platform Hygiene Documentation & Reporting
- Validate security tool coverage and operational health:
- Endpoint onboarding and Defender health
- Identity and SaaS integrations
- Logging completeness and alert flow
- Develop and maintain:
- Incident response playbooks
- DLP and investigation runbooks
- Operational procedures and escalation paths
- Produce actionable reporting for leadership:
- Incident trends alert quality DLP metrics and risk themes
- Support knowledge transfer and operational maturity improvements
Required Skills and Experience
- 35 years in a Security Analyst SOC or Incident Response role
- Hands-on experience with:
- Microsoft Defender (Endpoint Identity Office 365 Cloud Apps)
- Microsoft Purview (Information Protection and full DLP)
- Netskope (SWG CASB ZTNA DLP Threat Protection)
- Arctic Wolf MDR (case handling escalations collaboration)
- Strong understanding of:
- Cloud and SaaS security threats
- Identity-based attacks and phishing
- Data protection and regulatory considerations
- Incident response lifecycle and MITRE ATT&CK concepts
- Ability to clearly document findings and communicate with both technical and nontechnical stakeholders
Nice-to-Have Qualifications
- Experience with:
- Defender XDR Advanced Hunting
- Security policy design for large M365 environments
- SaaS governance and cloud risk management
- Certifications (preferred but not required):
- SC200 SC400 AZ500 Security or equivalent
What Success Looks Like
Within the first 60 days the contractor is expected to:
- Reduce alert noise through documented tuning improvements
- Improve clarity and consistency of incident response processes
- Deliver measurable improvements in DLP signal quality
- Ensure full coverage and operational health across Defender Netskope and Purview
- Leave behind clear documentation and operational artifacts
Dont meet every single requirement Thats okay. We encourage you to apply anyway. We believe in investing in potential and supporting our team members as they grow into their roles. If this opportunity excites you but your experience doesnt align perfectly we still want to hear from you.
Benefits
As an employee at Embark you will benefit from so many great employee perks
Flexible Ways of Working: Design your workday around what matters most. With flexible hours you can balance work with all the other important things in life. And with our Remote Work Arrangement you can work from anywhere in the world for part of the yearwhether thats a beach in Bali or your cozy cabin in Muskoka.
Career Development That Moves You Forward: Fuel your growth with funding for courses certifications and conferences. Explore new horizons through job rotations and secondments and benefit from ongoing coaching and personalized development planning that keeps your career moving. At Embark people stick around for the long-haul.
Fun Is Part of the Job: We take fun seriously. From themed parties and surprise treat days to team socials that actually make you want to show up we create moments that spark joy build connection and make work feel like more than just work.
We use artificial intelligence (AI) tools to support aspects of the recruitment process.
Recent Awards
We use artificial intelligence (AI) tools to support aspects of the recruitment process.
Recent Awards
Required Experience:
IC
About Company
Embark is Canada's education savings and planning company. Our registered education savings plans (RESP) and expert advice help you achieve your saving goals and prepare your child for their dream post-secondary program.
