About the role
A major Canadian financial services firm is growing its SOC and wants intermediate-to-senior analysts who can run an investigation end to end and grow into IR leadership over the next 12–24 months.
What you’ll do
- Triage and investigate alerts across SIEM (Splunk) and EDR
- Lead investigations on P2/P3 incidents, with senior IR escalation paths
- Write and tune detection content; partner with the threat-intel team
- Document playbooks and contribute to tabletop exercises
- Mentor junior analysts on triage discipline
What you bring
- 3+ years in a SOC or IR role (financial services experience a plus)
- Deep Splunk SPL and EDR experience (CrowdStrike or SentinelOne)
- Working fluency in MITRE ATT&CK and the Diamond Model of intrusion analysis
- GCIH, GCFA, or equivalent is welcome but not required