Sr. IT Security Analyst

407 ETR -
Woodbridge, ON

Postuler dès maintenant

Détails du poste

Temps plein
De 115 000 $ à 140 000 $ par an
Il y a 14 jours

Profil recherché

Authentification
Relations publiques
Azure
Informatique
Audit financier
Ingénierie
CISSP
CISM
Réponse aux incidents
Baccalauréat
Réseaux informatiques
ISO 27002
Certification GCIA
Architecture de réseau
Sécurité
Technologies de l'information
ISO 27001
SIEM
Métadonnée
Diplôme d'études collégiales (hors Québec)
CompTIA Security+
Active Directory
GCIH
Gestion des identités et de l'accès

Description complète du poste

Title: Sr. IT Security Analyst

Department: Information Technology

Location: 6300 Steeles Ave West, Woodbridge

Total Potential Compensation: $115,000-$140,000

Position Summary:

The Senior Security Analyst – Security Operations is responsible for operating, maturing, and continuously improving core cyber defense and detection capabilities across the enterprise. This role has a strong focus on Vulnerability Management, Endpoint Detection & Response (EDR), Network Detection & Response (NDR), and day‑to‑day Security Operations.

The incumbent will act as a senior technical resource within the SOC, providing advanced analysis, threat-driven prioritization, and operational leadership across security monitoring, incident response, vulnerability remediation, and control effectiveness measurement. The role directly contributes to improving the organization’s cyber risk posture, with measurable outcomes reflected in Security Risk Index (SRI) and other governance metrics aligned to NIST and ISO frameworks.

After-hours support and on-call duties may be required for high-severity security incidents.

Position Responsibilities:

Vulnerability Management

Own and operate the enterprise vulnerability management lifecycle, including discovery, assessment, prioritization, remediation tracking, and risk acceptance

Correlate vulnerability data with asset criticality, exploitability, threat intelligence, and exposure to drive risk-based remediation

Track remediation SLAs and escalate overdue or accepted risks through appropriate governance channels

Support internal and external audit evidence for vulnerability management controls

Contribute vulnerability metrics to executive and risk committee reporting (e.g., SRI/NSRI)

Security Operations & Incident Response

Act as a senior escalation point for security incidents, providing deep technical analysis, containment guidance, and remediation recommendations

Lead investigation of alerts generated by EDR, NDR, SIEM, and security analytics platforms

Coordinate incident response activities across IT Infrastructure, Network, Cloud, and Application teams

Develop and maintain incident response playbooks, runbooks, and escalation procedures

Support post‑incident reviews, root cause analysis, and lessons learned tracking

Endpoint Detection & Response (EDR)

Operate and tune EDR platforms to improve detection fidelity, reduce false positives, and enhance response effectiveness

Analyze endpoint telemetry for indicators of compromise (IOC), anomalous behavior, and threat actor activity

Support endpoint containment actions such as process isolation, host quarantine, and forensic data collection

Partner with IT Operations to ensure EDR coverage, health, and policy compliance across endpoints

Network Detection & Response (NDR)

Operate and maintain NDR capabilities, including alert triage, investigation, and threat hunting

Analyze network traffic, metadata, and behavior-based detections to identify lateral movement, command-and-control activity, and policy violations

Collaborate with Network teams to validate detections and improve network security controls and segmentation

Use NDR telemetry to validate network segmentation effectiveness and control gaps

Threat Detection & Threat Hunting

Perform proactive threat hunting using EDR, NDR, SIEM, and log analytics platforms

Apply MITRE ATT&CK–aligned techniques to identify stealthy or low-signal threats

Integrate external threat intelligence into detection and hunting activities

Recommend detection engineering improvements to SOC tooling and analytics

Metrics, Risk & Compliance

Define and maintain security operations KPIs and KRIs (incident trends, MTTR, vulnerability aging, control coverage)

Contribute to Security Risk Index (SRI) calculations and continuous improvement initiatives

Ensure alignment with NIST CSF, ISO 27001/27002, and internal security standards

Support audits by providing defensible evidence of control operation and effectiveness

Continuous Improvement & Leadership

Mentor junior analysts and provide technical guidance within the SOC

Identify opportunities to improve automation, orchestration, and response workflows

Participate in security architecture reviews and technology evaluations related to detection and response

Contribute to the development of security standards, procedures, and operational playbooks

Identity & Access Management (IAM)

Support operational security of IAM platforms (e.g., Active Directory, Azure AD / Entra ID, PAM solutions)

Monitor and investigate identity‑based threats, including credential misuse, privilege escalation, and anomalous authentication behavior

Correlate IAM events with EDR, NDR, and SIEM telemetry during incident investigations

Support access reviews, entitlement validation, and privileged access oversight in collaboration with IAM and IT teams.

Assist with detection and response use cases related to:

Compromised accounts.

Excessive privileges.

Service account misuse.

Lateral movement via identity.

Contribute to IAM‑related risk metrics and control effectiveness reporting (e.g., MFA coverage, privileged account exposure).

Support audit evidence for IAM controls aligned to NIST CSF PR.AA, ISO 27001 A.5/A.8, and internal access standards.

Qualifications

Minimum 5+ years of experience in IT Security, with strong hands-on experience in Security Operations.
College Diploma or University Degree in Computer Science, Engineering, or related field.

EDR platforms (e.g., endpoint containment, alert triage, investigation).

NDR technologies and network-based threat detection.

Security Incident Response and Investigation.

Strong understanding of attacker techniques and defensive controls (MITRE ATT&CK).

Experience working in regulated or audit-driven environments.

Hands‑on experience supporting IAM security operations, including identity monitoring and access control validation.

Strong understanding of authentication, authorization, MFA, RBAC, and privileged access concepts.

Experience analyzing identity logs and alerts within SIEM or security analytics platforms.

Preferred Qualifications

Experience with enterprise SOC tooling including SIEM, EDR, NDR, SOAR.

Experience operating security controls in hybrid (on‑prem and cloud) environments.

Familiarity with Security Risk Index (SRI), cyber risk metrics, or risk-based reporting.

Knowledge of network architecture and segmentation concepts.

One or more of the following certifications:

CISSP

CISM

GCIA / GCED / GCEDR / GCIH

CompTIA Security+

SANS Blue Team certifications

We are actively seeking to fill this role as it is a current vacancy.

About 407 ETR

Highway 407 ETR is an all-electronic open-access toll highway located in the Greater Toronto Area in Ontario, Canada. The highway spans 108 kilometres from Burlington in the west to Pickering in the east.

407 International Inc. is the sole shareholder of 407 ETR and is owned by:

Cintra Global S.E., a subsidiary of Ferrovial S.A. (48.29%)
Canada Pension Plan Investment Board (CPP Investments) and other institutional investors with non-controlling interests (44.20%)
Public Sector Pension Investment Board (PSP Investments) (7.51%)

Learn more at 407etr.com

Note: At 407 ETR, we are committed to fostering a diverse, equitable, and inclusive work environment. We value the unique perspectives and backgrounds of all individuals, and we firmly believe that our individual differences make us stronger as a whole.

Our commitment to inclusion extends beyond recruitment and encompasses an inclusive workplace culture through raising awareness, ongoing training, and encouraging feedback. We aim to create a safe and supportive environment where all employees can thrive.

Accommodation for disabilities or other grounds protected by human rights legislation are available upon request for candidates taking part in all aspects of the employment selection process.

Postuler dès maintenant

Outils pour les chercheurs d'emploi

Outils Employeurs

Parcourir

Garder le contact