Senior SOC Analyst - Systems Integrator
Hamilton Barnes
- Canada
- Permanent
- Full-time
- SOC MONITORING, DETECTION & ADVANCED TRIAGE:
- Perform advanced investigation of security escalations across SIEM, XDR, EDR, email, identity, cloud, and network telemetry
- Act as an escalation point for Tier 1 analysts
- Create and update runbooks for Tier 1 analysts to execute
- Automate routine processes to improve efficiency
- INCIDENT RESPONSE & FORENSICS:
- Lead end-to-end incident response including containment and remediation
- Execute active response actions such as endpoint isolation when authorized
- Perform forensic analysis to determine root cause and remediation in collaboration with IT Support team
- Produce root cause analysis and lessons learned reports
- SECURITY PROGRAMS AND SERVICES:
- Support delivery of phishing simulations and awareness programs
- Analyze phishing trends and user behavior to tailor protection capabilities
- Review dark web escalations related to exposed credentials, and drive credential containment actions if required
- Investigate and respond to phishing and BEC campaigns
- Recommend and apply email security posture improvements
- Investigate endpoint alert escalations
- Coordinate containment and remediation actions
- Manage and investigate DLP incidents and configurations
- Recommend and execute policy tuning for platforms
- Support identity security hardening initiatives
- Support vulnerability scanning, remediation tracking, and prioritization
- Monitor, investigate, and respond to security alerts generated from perimeter network security controls including firewalls, VPN gateways, web application firewalls (WAF), and remote access solutions
- Perform advanced triage of perimeter-related alerts such as intrusion attempts, anomalous traffic patterns, blocked exploit attempts, suspicious VPN activity, and unauthorized access attempts
- Correlate firewall, VPN, and WAF telemetry with endpoint, identity, email, and cloud signals to determine attack scope, intent, and progression
- Support active incident response involving perimeter controls by:
  - Recommending or executing temporary containment actions (e.g., IP blocking, geo-restrictions, access revocation) in accordance with client authorization and established playbooks
  - Coordinating rapid response during active exploitation, brute force, or reconnaissance activity
- Investigate and validate web-based attacks including SQL injection, cross-site scripting (XSS), credential stuffing, and application-layer abuse observed through WAF telemetry
- Review firewall and perimeter security events during incident investigations to identify initial access vectors, lateral movement paths, or command-and-control activity
- Provide actionable recommendations to improve perimeter security posture
- MENTORSHIP & OPERATIONS:
- Mentor Tier 1 analysts
- Contribute to SOC process improvements
- Collaborate with IT Support and other functions
- AVAILABILITY:
- Participate in on-call rotation for 24/7 SOC coverage
- Excellent oral and written communication skills
- Up-to-date technical certifications and skills
- Security compliance knowledge
- 5+ years of experience in SOC, MDR, or incident response roles, preferably in an MSSP environment
- Experience operating in a multi-tenant SOC supporting multiple customer environments
- Strong working knowledge of SIEM/XDR, EDR, email security, identity security, and vulnerability management
- Ability to work outside standard business hours and participate in an on-call rotation
- Remote work readiness with a professional and secure workspace
- Competitive salary based on experience