Lead SOC Analyst

Position Summary 

The Security Operations Lead (Lead SOC Analyst) at Copperleaf plays a critical role in protecting our global SaaS platform internal systems and customer environments. This role combines deep technical expertise in security operations detection and response and enterprise vulnerability management. 

This individual functions as a technical team lead and senior escalation point providing direction mentorship and operational leadership to a team of SOC analysts while working cross-functionally across Security Architecture R&D CloudOps and IT. While this is not a direct people management role it requires strong leadership influence and accountability for driving operational excellence and team maturity. 

The role is responsible for developing enhancing and executing security operations and vulnerability management capabilities including building new processes implementing tools and contributing to the broader security roadmap. 

Key Responsibilities 

Leadership & Team Support 

• Act as the technical lead and primary escalation point for Security Operations and Vulnerability Management. 
• Provide mentorship and guidance to intermediate analysts supporting capability development and operational consistency. 
• Drive team maturity process standardization and operational excellence across detection response and remediation functions. 
• Lead by influence across teams ensuring alignment without direct reporting authority. 
• Contribute to performance metrics KPIs and reporting for leadership visibility. 

Security Monitoring & Incident Response 

• Lead complex investigations across AWS & Azure environments identity systems endpoints and SaaS infrastructure. 
• Oversee incident response activities including containment remediation and post-incident analysis. 
• Enhance SOC playbooks SOPs and detection logic to improve response efficiency and effectiveness. 
• Drive ongoing improvements in logging monitoring coverage and alert fidelity. 

Vulnerability Management 

• Lead the end-to-end vulnerability management lifecycle including identification prioritization tracking remediation and validation across: 
• Cloud environments (AWS Azure) 
• Applications and SaaS platforms 
• Infrastructure endpoints and third-party systems 
• Partner with IT CloudOps R&D and Security Architecture to reduce attack surface and ensure timely remediation. 
• Prioritize vulnerabilities based on business risk exploitability and threat intelligence (e.g. KEV CVSS EPSS). 
• Establish and maintain repeatable scalable vulnerability management processes and tooling. 
• Develop metrics and reporting on vulnerability posture remediation SLAs and risk exposure. 

Threat Intelligence Detection Engineering & Automation 

• Develop and tune detection logic mapped to MITRE ATT&CK across cloud and SaaS environments. 
• Design and implement automation workflows playbooks and operational tooling improvements. 
• Evaluate and optimize use of SIEM EDR/XDR and cloud-native security tools. 
• Drive continuous improvement through tool rationalization automation and innovation initiatives. 
• Track emerging threats relevant to SaaS providers cloud platforms Kubernetes identity infrastructure and AIdriven attack techniques. 
• Conduct proactivethreathunting across cloud workloads identity logs endpoints and product telemetry. 

CrossFunctional Collaboration 

• Collaborate closely with Security Architecture R&D CloudOps IT and Platform teams. 
• Support secure design operational visibility incident readiness and remediation coordination. 
• Communicate risks trends and recommendations to both technical and business stakeholders. 

Qualifications :

Skills & Experience Requirements 

• 8 years of experience in security operations incident response vulnerability management or related cybersecurity roles. 
• Demonstrated experience functioning as a technical lead or team lead within a SOC or security operations environment. 
• Strong experience with: 
• Cloud platforms (AWS and Azure) 
• Vulnerability management tools and methodologies 
• SIEM (Rapid7 preferred) SOAR EDR/XDR 
• Deep understanding of: 
• Threat landscape (cloud SaaS identity) 
• Vulnerability frameworks (CVSS MITRE ATT&CK KEV OWASP) 
• Experience building or improving security processes tooling and operational capabilities. 
• Strong cross-functional collaboration and stakeholder management skills. 
• Proficiencyin scripting languages (Python Bash PowerShell JavaScript) and KQL for advanced log analysis. 
• Familiarity with frameworks and regulations relevant to Copperleaf (ISO 27001 SOC 2 NIST CSF CIS Controls GDPR). 
• Expertisewith Windows macOS and Linux systems. 

Education Requirements 

• Bachelors degree preferred in cybersecurity computer science engineering or related fields. 

Certification Requirements 

Preferred certifications include: 

• GIAC Certified Incident Handler (GCIH) 
• GIAC Defending Advanced Threats (GDAT) 
• GIAC Certified Enterprise Defender (GCED) 
• Microsoft Certified SOC Analyst 
• CISSP 
• Azure Security Engineer (AZ500) strongly preferred for cloudfocused operations 

Additional Information :

What Were Offering

• Salary Range: $95000 CAD -$115000 CAD Bonus
• Permanent Full-time
• Flexible paid time off including sick and holiday 
• Medical dental & vision insurance 
• RRSP Company contribution 
• Life insurance and disability benefits 
• Tuition assistance 
• Community involvement and volunteering events

We embrace flexibility and hybrid work opportunities to support diverse needs and lifestyles while also valuing inclusive workplace experiences. By fostering a sense of community we drive innovation strengthen connections and nurture belonging. Our commitment ensures you can work in a way that suits you best while also engaging with colleagues to share ideas and build meaningful relationships.

Remote Work :

No

Employment Type :

Full-time