Information Security Analyst - II/Senior

Job Overview

This is an exciting time to join Wawanesa's Information Security team! We are hiring for our Incident Response team.
Wawanesa's Cyber Threat Management team are our cyber-attack first-responders. We monitor, urgently investigate, and contain cyber threats. Our mission is to provide verifiably timely, consistent, accurate, and thorough detection and response to cyber threats. 
Our team is a collaborative group of analysts responsible for threat monitoring, incident response, digital forensics, and cyber threat intelligence.
Within that team, the Information Security Analyst is responsible for monitoring and responding to cyber threats, and for the continued improvement of that capability. You will work with many different data sources and threat detection systems to keep our company safe.
To thrive in this team, you are curious, friendly, respectful, and supportive. You have an investigator's mindset: looking for clues and following evidence to verify whether our systems are under threat and acting to protect them.
You will work with minimal supervision, but together with others in both Cyber Threat Management and other teams to achieve our shared goals.

Job Responsibilities

• Monitor security telemetry and threat intelligence feeds to identify suspicious activity across the environment
• Triage and validate detections from SIEM, EDR, and other security tools; determine scope, severity, and business impact
• Investigate suspected incidents end-to-end, correlating host, network, and cloud evidence to confirm, contain, and remediate threats
• Rapidly contain active threats by executing response actions (e.g., isolating endpoints, disabling accounts, blocking IOCs) in accordance with approved playbooks
• Conduct digital forensics and sensitive investigations in collaboration with Legal/Privacy and other partners, maintaining chain of custody and appropriate documentation
• Identify, capture, and operationalize indicators of compromise (IOCs) and attacker tactics, techniques, and procedures (TTPs); contribute to threat intelligence and detection improvements
• Produce clear incident documentation, timelines, and post-incident reports; provide actionable recommendations to reduce recurrence and strengthen controls
• Collaborate with IT operations, infrastructure, application teams, and other cybersecurity functions to coordinate response activities and drive remediation to completion
• Develop, refine, and maintain incident response procedures, playbooks, and detection content to improve response speed and consistency
• Act as an escalation resource and mentor for other analysts, supporting knowledge sharing and continuous improvement
• Participate in the incident response on-call rotation and support after-hours response as requiredhors des heures normales

Qualifications

• Completion of post-secondary education from an accredited institution in Cyber Security, Information Technology, or a related field
• At least 5 years of Information Technology experience, with at least 3 years of experience in cybersecurity operations, threat detection, or incident response
• Knowledge of cybersecurity, incident response, and threat modelling frameworks
• Experience with one or more of the following:
  
  • Practical experience with SPL, CQL, KQL, SQL, regex and/or other search and pattern matching languages
  • SIEM, EDR, NGFW, CASB, DRPS, TIP, Email Protection, NGAV, CSPM, AIDR
  • Splunk Enterprise Security, Crowdstrike Falcon, Proofpoint Email Protection
  • Copilot, Github Copilot, Copilot for Security, or other AI-based tools
  • AWS or Azure Cloud Security
• Identity management, client/server applications, authentication systems, IDS/IPS
• Ability to take initiative and respond with an appropriate sense of urgency
• Ability to build and maintain high credibility with all business partners
• Ability to adjust priorities and manage time in an environment of change
• Strong analytical and problem resolution skills
• Strong verbal, written communications, and task management skills
• Ability to document and explain technical concepts and details clearly and concisely to a variety of audiences (e.g., technical, business, auditors, etc.)
• Self-motivated and willing to accept additional responsibilities as the position expands
• Possess or actively work to obtain a professional cybersecurity certification (CISM, CISSP, or equivalent)
• Technical certifications in cybersecurity defense or forensics (e.g., GIAC) are considered an asset
• Project management knowledge and experience considered an asset