The Cyber Security Analyst will support the Security Operations Center (SOC) by monitoring, detecting, analyzing, and responding to cybersecurity threats and incidents. This role works closely with the security team to implement and enhance processes that protect networks, systems, devices, and data from unauthorized access, malicious attacks, and other security risks. This role is 4 month contract plus extension and possibility of conversion. The role will be 4 days onsite in Vancouver and 1 day remote.
Key Responsibilities
- Monitor and triage security alerts and incidents, performing in-depth investigations to determine impact and root cause.
- Correlate security events with threat intelligence, indicators of compromise (IOCs), and threat actor tactics, techniques, and procedures (TTPs).
- Prioritize and assess security alerts to determine whether a legitimate security incident has occurred; escalate complex incidents to Tier 3 teams when resolution cannot be achieved within SLA requirements.
- Analyze, investigate, and remediate low- to medium-priority security incidents.
- Review logs, network traffic, endpoint activity, and other data sources to identify and contain threats.
- Identify vulnerabilities, create remediation tickets, and track corrective actions through resolution.
- Develop and maintain scripts, tools, and automation workflows to improve detection, investigation, and response capabilities.
- Tune and optimize security solutions, including EDR platforms, detection rules, alerts, and monitoring processes.
- Contribute to continuous improvement of SOC processes, playbooks, and incident response procedures.
Required Skills & Experience
Education
- Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field.
Experience
- 2–4 years of experience in one or more of the following areas:
- Security Operations (SOC)
- Incident Response
- Information Security
- Security Technologies
Technical Skills
- Strong understanding of cybersecurity concepts and threat categories, including malware, phishing, defense-in-depth, and the MITRE ATT&CK framework.
- Experience with Microsoft 365 Security, Microsoft Azure, AWS, and/or Google Cloud Platform (GCP).
- Hands-on experience with security tools such as:
- SIEM platforms (Microsoft Sentinel, Splunk, Elastic, etc.)
- Endpoint Detection & Response (EDR)
- Firewalls
- IDS/IPS solutions
- Email security and anti-spam tools
- Server and network security hardening
- Strong knowledge of Windows, Linux, and/or macOS operating systems, including security event log analysis.
- Solid understanding of networking concepts and protocols, including SMTP, HTTP, HTTPS, FTP, DNS, and DHCP.
- Experience with query languages and scripting languages (e.g., KQL, SQL, PowerShell, Python, Bash).
- Experience with Security Orchestration, Automation, and Response (SOAR) tools.
- Proficiency with SharePoint, Excel, Jira, and Microsoft Office applications.
Preferred Qualifications
- Experience building automation and security workflows.
- Familiarity with threat hunting and advanced incident investigation techniques.
- Relevant cybersecurity certifications (e.g., Security+, CySA+, SC-200, GSEC, or similar) are a plus.