About True Aim Solutions
True Aim Solutions is an IT advisory and talent placement firm that connects organizations with specialized cybersecurity and infrastructure professionals. We are conducting this search on behalf of a client, and the successful candidate will be placed with the client's team. True Aim partners closely with both clients and candidates — bringing integrity, technical fluency, and a people-first approach to every placement — to make sure the role is the right fit on both sides.
This is a placement opportunity. True Aim Solutions is managing the search and hiring process on behalf of a confidential client. Client details are shared with candidates as the process advances.
Role Overview
On behalf of our client, True Aim Solutions is seeking a Cyber Security Analyst to serve as a core member of the client's Security Operations Center, detecting, triaging, and responding to threats across the environment. This is not a dashboard-watching role — you will treat the incident response lifecycle as an engineering problem and help automate repetitive work so the team can focus on the threats that matter most.
Emphasis: SOC Operations & SOC Automation
This role centers on modern, automation-first security operations. Our client is looking for an analyst who instinctively asks “how can I automate this?” — someone who builds high-fidelity detections, develops SOAR playbooks, and uses scripting and AI-driven workflows to scale defensive capabilities and reduce mean time to detect and respond.
Key Responsibilities
- Monitor, triage, and investigate security alerts across SIEM, EDR, and cloud security platforms.
- Lead and support incident response across the full lifecycle: detection, triage, containment, eradication, and recovery.
- Design and build SOAR playbooks and automated workflows to handle detection, enrichment, triage, and remediation at machine speed.
- Develop and tune high-fidelity detection rules and use cases to reduce false positives and alert fatigue.
- Write scripts and integrations (Python, APIs, webhooks) to automate repetitive analyst tasks and connect security tooling.
- Apply AI-driven and LLM-assisted workflows to accelerate investigation, enrichment, and reporting.
- Monitor and respond to security events across converged IT and operational technology (OT) environments where applicable.
- Perform threat hunting and use each incident as data to build better future detections and automation.
- Document incidents, produce metrics, and contribute to runbooks, post-incident reviews, and continuous improvement.
- Collaborate with engineering and business stakeholders, and support compliance evidence gathering as needed.
Required Qualifications
- 3–5 years of experience in a SOC, security operations, or incident response role.
- Hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, Elastic) and EDR tooling.
- Working proficiency in Python and comfort with APIs, webhooks, and version control (Git).
- Experience building or maintaining SOAR playbooks or other security automation.
- Solid understanding of common attack techniques and frameworks such as MITRE ATT&CK.
- Cloud security fundamentals, including familiarity with AWS (IAM, CloudTrail, GuardDuty) or Azure equivalents.
- Strong analytical, documentation, and communication skills, with a bias toward automating manual work.
- Bachelor's degree in a related field or equivalent practical experience.
Preferred Qualifications
- Experience integrating LLMs or AI assistants into security operations workflows (e.g., prompt engineering, MCP servers).
- Detection engineering experience and familiarity with detection-as-code practices.
- Experience with Kubernetes (EKS/AKS) and container security monitoring.
- Certifications such as Security+, CySA+, GCIA, GCIH, BTL1, or SC-200.
- Exposure to compliance frameworks (SOC 2, FedRAMP, HIPAA, PCI-DSS) and evidence generation.
- Exposure to operational technology (OT)/ICS security monitoring — detecting, triaging, and responding to threats across industrial control systems and converged IT/OT environments.
- Familiarity working in a professional services environment — such as a legal firm or financial institution — including the confidentiality, discretion, and regulatory expectations those settings demand.
Compensation & Benefits
- Compensation in the 105k-130k band, commensurate with experience.
- Comprehensive benefits offered through the client — medical, dental, vision, and retirement.
- Hybrid schedule balancing on-site collaboration and remote focus.
- Long-term growth opportunity with an established organization.
- Placement, onboarding, and ongoing support provided by the True Aim Solutions team.
How to Apply
To apply or learn more about this confidential opportunity, submit your resume to True Aim Solutions. All inquiries are handled confidentially, and our recruiting team will share additional details about the client and role with qualified candidates during the process.
Equal Opportunity
True Aim Solutions and our client are equal opportunity employers. All qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or any other characteristic protected by law.
Job Type: Full-time
Pay: $105,000.00-$130,000.00 per year
Benefits:
- Dental care
- Extended health care
- Paid time off
Work Location: Hybrid remote in Toronto, ON (Toronto District)