JSOC - Principal Cybersecurity - Incident Response

Questrade Financial Group•Toronto, ON

32d•Hybrid

About The Position

Questrade Financial Group (QFG), through its companies - Questrade, Inc., Questrade Wealth Management Inc., Community Trust Company, Zolo, and Flexiti Financial Inc., provides securities and foreign currency investment, professionally managed investment portfolios, mortgages, real estate services, financial services and more. Questrade uses cutting-edge technologies to develop innovative products that give customers better, more affordable ways to take control of their money. We are everything a traditional financial institution is not. At QFG, you will be constantly moving forward, bringing the future of fintech into existence. You will be a part of a collaborative team that cares deeply about our mission and each other. Your team members will help you conquer challenges, push boundaries and discover what you are truly capable of. At QFG, we have a culture of innovation where technology serves people—both our team and our customers. We see AI as a collaborative and transformative enabler, and we are seeking forward-thinking individuals who can effectively integrate it into their daily work. The ideal candidate will be a catalyst for change, helping us use AI to create a more efficient and rewarding employee experience while also developing cutting-edge solutions that delight and serve our customers. Join us in shaping a future where AI empowers our team to do their best work and helps us deliver unparalleled customer experiences. This is a place where you can explore, discover and learn with continuous growth. As a diverse and inclusive place to work, with a hybrid working environment you can unleash your creativity and curiosity with no limits. If you share the same sense of infinite possibility, come shape your future at QFG. What’s in it for you as an employee of QFG? Health & wellbeing resources and programs Paid vacation, personal, and sick days for work-life balance Competitive compensation and benefits packages Work-life balance in a hybrid environment with at least 3 days in office Career growth and development opportunities Opportunities to contribute to community causes Work with diverse team members in an inclusive and collaborative environment We’re looking for our next Principal SOC Specialist. Could It Be You? Your contribution delivering sustainable and measurable results in the following areas will be very important: Identifying and responding to cyber threats - safeguarding our company's infrastructure and data. You will be primarily involved in leading the alert development cycle, triaging and investigating alerts, managing the full incident response lifecycle (investigation, containment, eradication, and recovery) and collecting and tracking metrics for reporting. You will be working alongside internal customers and our vendor support teams to ensure we are utilizing our security tools in accordance with corporate policies and growing business needs. You will work closely with Cybersecurity and IT teams to align priorities and execute plans for new initiatives, as well as drive process improvements and establish documentation for new tools. Need more details? Keep reading…

Requirements

8+ years of relevant experience in performing and leading Cybersecurity Incident Response and Threat Hunting activities in a complex incident management or Security Operations Center environment.
Extensive experience designing, implementing, and optimizing detection rules and detection-as-code frameworks.
Demonstrated expertise integrating security tools via APIs for automation, and hands-on experience implementing Security Orchestration, Automation, and Response (SOAR) workflows.
Deep expertise leading complex, multi-vector investigations and incident response using EDR tools such as CrowdStrike Falcon and SIEM tools such as Elastic Security (KQL, ESQL, Timeline analysis).
Advanced experience with forensic triage (disk, memory, network) and multiple operating systems (Mac, Linux, Windows).
Proven track record of designing and maturing SOC processes, playbooks, detection strategies, SIEM correlation rules, and incident reports.
Proven ability to lead incident management for high-severity incidents, with excellent communication under pressure.
Proficiency in programming languages such as Python, JavaScript and others for security automation and tooling development.
Deep understanding of NIST Cybersecurity Framework, MITRE ATT&CK, and ability to apply them to detection engineering and threat modeling.
Comprehensive understanding of security products and device monitoring tools including Firewalls, IDS/IPS, Phishing and e-mail security, content filtering, DDoS, WAF, and more.
Demonstrated experience mentoring and developing technical skills across a security team.
Strong ability to translate technical findings into strategic recommendations for leadership.
Experience with cloud-native security monitoring (GCP, AWS, Azure).

Nice To Haves

GCIH, GCED, CCFR, HTB CDSA, GCFA, CHFI, GREM, OSCP, CISSP or similar relevant certifications.

Responsibilities

Mentor and elevate the technical capabilities of the SOC team.
Monitor, analyze and report possible cybersecurity attacks.
Investigate and perform analysis of threat indicators.
Gather Indicators of compromise and any relevant data to use with threat hunting activities.
Leverage security tools (Elastic, CrowdStrike and more) for analysis to identify malicious activities.
Analyze identified malicious activity to determine Tactics, Techniques and Procedures.
Conduct research, analysis and correlate gathered data from various resources to determine the impact of the incident.
Lead containment and eradication efforts, making critical decisions during high-severity incidents.
Participate in on-call and hands-on scheduled shift rotations, including outside of business hours.
Lead Security Incident Response and serve as the escalation point for complex investigations across internal teams and 3rd party providers.
Document incident timelines, evidence, and actions taken for post-incident review.
Lead post-incident reviews and drive continuous improvement from lessons learned.
Define and continuously improve the SOC's incident response playbooks, runbooks, and detection strategy.
Design and lead tabletop exercises and IR simulations.
Coordinate and run proactive investigations and threat hunts across corporate environments and detect malicious activities.
Maintain up-to-date understanding of security threats, countermeasures, security tools, cloud security and SaaS technologies.
Set the standard for technical proficiency; evaluate and recommend tools, techniques, and methodologies for the team.
Present investigation, incident response findings and strategic recommendations to senior leadership and executive stakeholders.
Define, own, and report on SOC operational metrics (MTTD, MTTR, alert fidelity) and use data to drive strategic improvements.