This role can be located in any CGI office in Canada.
The Incident Response Lead is part of CGI's Global Security Operations Center (GSOC), which provides 24/7 security monitoring, threat detection, and incident response capabilities across the organisation.
As a senior member of GSOC, the Incident Response Lead is responsible for leading the technical response to complex cybersecurity incidents, coordinating investigations, and driving containment, eradication, and recovery activities. Acting as the technical authority during major incidents, the role provides incident leadership in GSOC while ensuring investigations are conducted using industry best practices and forensically sound methodologies.
The Incident Response Lead works closely with Security Monitoring, Detection Engineering, Threat Intelligence, Security Engineering, IT Operations, and business stakeholders to minimise organisational risk, improve incident response capabilities, and strengthen CGI's overall cyber resilience.
This role requires extensive experience in cyber incident response, digital forensics, threat actor tactics, techniques and procedures (TTPs), malware analysis, enterprise infrastructure, and cloud technologies. The successful candidate will combine deep technical expertise with strong leadership, communication, and decision-making skills to manage high-impact incidents in a fast-paced global environment.
Your future duties and responsibilities
Key Responsibilities
. Lead the technical response to cybersecurity incidents, coordinating containment, eradication, recovery, and post-incident activities.
. Conduct advanced investigations across endpoints, networks, cloud environments, identity platforms, and enterprise applications to determine root cause, attack scope, and business impact.
. Perform and oversee digital forensic investigations using industry-standard and forensically sound methodologies, maintaining appropriate evidence handling and chain of custody.
. Develop and continuously improve incident response plans, playbooks, procedures, and operational standards.
. Conduct malware analysis, including static and dynamic analysis, and perform basic reverse engineering where required.
. Collaborate with Threat Intelligence, Detection Engineering, Security Monitoring, and Security Engineering teams to improve detection capabilities and operational readiness.
. Provide technical guidance and mentorship across GSOC, supporting junior partners' professional development.
. Produce high-quality technical reports, executive summaries, and lessons learned following security incidents.
. Identify opportunities to automate investigation workflows and improve the efficiency of incident response operations.
. Participate in an on-call rotation providing 24/7 incident response support for high-priority cybersecurity incidents.
Required qualifications to be successful in this role
The candidate should have expertise and strong experience including:
. Minimum of 7 years' experience working in a similar cybersecurity role or associated discipline.
. Demonstrable experience leading complex cyber incident response engagements within enterprise environments.
. Strong knowledge of incident response frameworks, methodologies, and lifecycle management.
. Extensive understanding of threat actor tactics, techniques and procedures (TTPs) and the MITRE ATT&CK framework.
. Advanced knowledge of Windows, Linux, Active Directory, Microsoft 365, Azure, networking, and enterprise security architecture.
. Experience conducting host, network, cloud, and identity investigations.
. Experience using enterprise security technologies, including SIEM, EDR/XDR, NDR, and forensic investigation tools.
. Experience performing digital forensic investigations and evidence preservation using forensically sound practices.
. Experience analysing malware using static and dynamic analysis techniques.
. Strong understanding of common attack techniques, persistence mechanisms, privilege escalation, lateral movement, and data exfiltration.
. Ability to lead technical teams during high-pressure incidents while making effective risk-based decisions.
. Excellent communication skills with the ability to explain complex technical concepts to both technical and executive audiences.
. Knowledge of insider threat investigations and user behaviour analytics.
. Experience collaborating with legal, privacy, HR, or regulatory bodies during cyber investigations.
. Experience with cloud security investigations across Microsoft Azure, Microsoft 365, AWS, or Google Cloud Platform.
Qualifications & Certifications
. Bachelor's degree in Cyber Security, Computer Science, Information Technology, or a related discipline, or equivalent practical experience.
. Relevant industry certifications are desirable, including one or more of:
. GIAC Certified Incident Handler (GCIH)
. GIAC Certified Forensic Analyst (GCFA)
. GIAC Reverse Engineering Malware (GREM)
. GCFE or GCIA
. CISSP
. CISM
CGI is providing a reasonable estimate of the pay range for this role. The determination of this range includes factors such as skill set level, geographic market, experience and training, and licenses and certifications. Compensation decisions depend on the facts and circumstances of each case. A reasonable estimate of the current range is $105,000–$155,000. This role is an existing vacancy.
Together, as owners, let’s turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.
Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
At CGI, we value the strength that diversity brings and are committed to fostering a workplace where everyone belongs. We collaborate with our clients to build more inclusive communities and empower all CGI partners to thrive. As an equal-opportunity employer, being able to perform your best during the recruitment process is important to us. If you require an accommodation, please inform your recruiter.
That same commitment to fairness extends to how we use technology. To support our recruitment team, AI tools may be used to help assess applications though they never replace human judgement. All hiring decisions remain entirely in the hands of our recruitment professionals.
To learn more about accessibility at CGI, contact us via email. Please note that this email is strictly for accessibility requests and cannot be used for application status inquiries.
Come join our team—one of the largest IT and business consulting services firms in the world.