Senior Security Analyst (Permanent/Full-Time)

CoreFactor is searching for a Senior Security Analyst on a permanent/full-time basis for a client in the GTA.This position is hybrid and will require the successful incumbent to be in the office four (4) times per week.

The Opportunity

The Senior Security Analyst, will report to the Cyber Security Operations Manager and play a key role in strengthening and maturing the organization's security operations capabilities. This is an opportunity to provide senior-level expertise across monitoring, detection, investigation, and incident response activities, while helping advance cybersecurity operations.

This role requires a highly motivated and experienced security professional with strong analytical, technical, and problem-solving skills. The successful candidate will bring deep expertise in security monitoring, alert triage, incident investigation, threat detection, and containment across endpoint, network, cloud, identity, and enterprise platforms.

Acting as a senior liaison between technical teams and business stakeholders, this role will be responsible for leading complex investigations, improving detection coverage, supporting incident response activities, and communicating security risk in a clear and actionable manner. A strong foundation in security frameworks, attack techniques, and operational best practices is essential.

The Role

Monitor, triage, and investigate security alerts and events across SIEM, EDR, email security, identity, cloud, and network security platforms. Lead complex incident investigations, including scoping, containment coordination, root cause analysis, and post-incident follow-up activities.

Perform advanced threat hunting and anomaly analysis to identify malicious activity, suspicious behaviour, and emerging attack patterns across enterprise environments. Develop, tune, and optimize detection logic, SIEM use cases, correlation rules, playbooks, and alerting processes to improve visibility and reduce false positives.

Partner with infrastructure, cloud, networking, and application teams to support containment, eradication, and recovery activities during security incidents. Review and analyze endpoint, network, identity, and cloud telemetry to assess impact, determine attack paths, and support risk-based response decisions.

Support incident response readiness through development and maintenance of investigation procedures, response playbooks, escalation paths, and documentation. Perform threat intelligence review and translate relevant indicators, tactics, techniques, and procedures into actionable detection and response improvements.

Coordinate with internal stakeholders and external partners as required during investigations, including evidence gathering, case management, and reporting. Participate in 24x7 incident response support and provide senior-level operational guidance during major security events and escalations.

Identify opportunities to improve SOC processes, detection coverage, automation, and analyst workflows to strengthen operational effectiveness. Collaborate with internal stakeholders and external service providers to strengthen security operations processes, detection coverage, and incident response effectiveness.

Requirements

• Proven hands-on experience with SIEM, EDR, and other enterprise security monitoring platforms such as Microsoft Sentinel, Splunk, Defender XDR, or equivalent tools.
• Strong knowledge of SOC operations, including alert triage, incident analysis, containment support, case management, escalation, and post-incident review.
• Experience developing and tuning detections, analytics, correlation rules, and response workflows to improve visibility and reduce noise.
• Advanced analytical and investigative skills, with the ability to interpret logs, telemetry, and attacker behaviour across endpoint, identity, cloud, email, and network environments.
• Strong understanding of attack techniques, adversary behaviour, and security frameworks such as MITRE ATT&CK, NIST, or equivalent operational models.
• Demonstrated ability to balance technical depth with business acumen, communicate investigation findings clearly, and support risk-based decisions during security events.
• High attention to detail and a strong commitment to producing accurate, concise, and audit-ready investigation notes, reporting, and recommendations.
• Ability to work effectively across Infrastructure, Cloud, Data, Applications, and business functions to support security operations, incident response, and risk-based decision-making.
• Demonstrated ability to build trusted relationships, influence stakeholders, and coordinate cross-functional response activities during security incidents and operational escalations.
• Strong collaboration and mentoring capabilities, with a willingness to support team development and contribute to an open, inclusive, and high-performing security operations environment.
• Highly organized with the ability to manage competing priorities, coordinate follow-ups, and track investigations and security initiatives in a fast-paced environment.
• Excellent written and verbal communication skills, with the ability to tailor messaging for technical teams, leadership, and business stakeholders.
• Minimum of 7 years of progressive experience across information security functions such as security operations, incident response, threat detection, threat hunting, digital forensics, or security engineering.
• Hands-on experience investigating complex security incidents across endpoint, network, identity, email, and cloud environments.
• Experience leading or coordinating incident response activities, escalations, or cross-functional security investigations in a complex enterprise environment.
• Experience with modern SOC tooling, case management processes, and operational reporting is strongly preferred.
• Bachelor’s degree in Information Technology, Engineering, Computer Science, or a related discipline is preferred.
• Professional certifications in Information Security such as GCIH, GCIA, CISSP, Security+, SC-200, SC-900, or equivalent are preferred.
• Relevant cloud, incident response, threat hunting, or digital forensics certifications are considered an asset.