OVERVIEW
The Incident Response Specialist plays a critical role in safeguarding the organization against evolving cyber threats. This position involves investigating and responding to complex Level 2 cybersecurity incidents, producing high-quality documentation, and collaborating with various security teams to enhance operational readiness and continuous improvement efforts. The role is situated within a mature and advanced cyber incident response program, providing an excellent opportunity for professionals to deepen their expertise in incident response and enterprise threat operations.
The ideal candidate will possess a strong background in security operations and incident response, with a proactive approach to problem-solving and a collaborative working style. They will engage with internal and external stakeholders, utilizing advanced EDR tooling and forensic analysis techniques to manage incidents effectively. Success in this role requires a commitment to continuous learning and improvement, as well as the ability to navigate complex organizational interactions.
Location: Toronto, ON (Hybrid)
Contract Length: 12 months, with possibility of extension or FTE conversion
Hours: 8:00 AM - 5:00 PM, with a compressed work schedule of 10-hour shifts
Pay: T4 $50 / IC $57
RESPONSIBILITIES
- Monitor, restore service, and handle day-to-day activities required to run mission-critical Information Security systems.
- Provide responsive customer service in support of cybersecurity initiatives.
- Monitor and maintain security tools and applications to ensure optimal performance.
- Collaborate with internal and external stakeholders to achieve business objectives and support operational activities for Information Security.
- Identify opportunities to enhance the capabilities of the Information Security organization through expertise sharing and mentoring.
- Recommend approaches to streamline and integrate security processes and systems, improving overall efficiency.
- Build effective relationships with stakeholders to facilitate communication and collaboration.
- Develop and document procedures and processes in accordance with industry best practices and security regulations.
- Create activity reports for security tools and applications to track performance and incidents.
- Coordinate and facilitate incident management activities, including deploying changes to the production environment.
- Provide technical subject matter expertise in Information Security during incident response activities.
- Stay updated on industry trends through participation in professional associations and individual learning.
- Exercise judgment to identify, diagnose, and solve problems within established guidelines.
- Work independently on complex tasks, demonstrating initiative and sound decision-making.
- Take measured risks while adhering to the Risk Management Framework in executing responsibilities.
QUALIFICATIONS
- Typically 2 to 4 years of relevant experience with a post-secondary degree in Business, Computer Science, or a related field, or an equivalent combination of training and experience.
- Preference for candidates with or pursuing certifications in Information Security from recognized institutions (e.g., (ISC)2, ISACA, SANS).
- Experience in Information Security or multiple areas of systems and computer operations, such as Identity & Access Management and Security Incident Response.
- In-depth understanding of information security issues and problem-solving abilities within the business group.
- Strong partnering, communication, and negotiation skills to effectively engage with team members and stakeholders.
- Knowledge of Information Security processes, procedures, and controls, along with technical proficiency gained through education or experience.
- Excellent verbal and written communication skills, with a focus on collaboration and teamwork.
- Strong analytical and problem-solving skills, with the ability to make data-driven decisions.
TECHNICAL SKILLS
- 3 to 4 years of experience in Security Operations and Incident Response.
- 3 to 4 years of experience in breach-class incident response investigation.
- 2 to 3 years of experience in digital forensics and forensic analysis.
- 3 to 4 years of experience using EDR tooling for incident response.
- 3 to 4 years of experience in developing and assessing operational process documentation.
- 3 to 4 years of experience in live response analysis and developing host activity timelines.
- 2 to 3 years of experience in incident response reporting.
PREFERRED
- Experience with enterprise-scale cybersecurity operations.
- Familiarity with advanced EDR tooling.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or other non-merit factor. We are committed to creating a diverse and inclusive environment for all employees.