Security Analyst I (Mat-leave Coverage)

Varicent

2d•CA$76,800 - CA$96,000

About The Position

Our Information Security team is looking for a motivated, hands-on Security Analyst I to support the execution of day-to-day security operations while contributing to foundational security engineering initiatives. This role provides exposure across multiple security domains, including security monitoring and incident response, security tooling and controls engineering, application security testing, vulnerability management, security risk assessments, and emerging AI security practices. As a Security Analyst I, you will partner closely with stakeholders across Cloud Operations, Engineering, IT, and business teams to strengthen our security posture through operational excellence, continuous improvement, and a risk-based approach to decision-making. This is an exciting opportunity for a security professional who enjoys solving complex challenges, driving meaningful improvements, and making a measurable impact across the organization. This is a contract role to cover a maternity leave, with an expected length of 1 year.

Requirements

Bachelor's degree in Technology Management, Information Security, Computer Science, Computer Engineering, or equivalent practical experience.
3–5 years of experience in Information Security, Security Engineering, or Security Operations.
At least one industry-recognized security certification (CISSP, CISA, CCSP, or equivalent).
Experience working with public cloud platforms such as AWS, IBM Cloud, or Google Cloud Platform (GCP).
Strong understanding of securing cloud environments, operating systems, networks, databases, and applications.
Hands-on experience with security technologies including SIEM, WAF, DLP, EDR, and infrastructure/vulnerability scanners.
Knowledge of industry frameworks and standards such as NIST CSF and ISO 27001/27002.
Familiarity with controls and compliance requirements related to SOC 1, SOC 2, PCI, and HIPAA.
Excellent written and verbal communication skills with the ability to clearly document findings and communicate risk.
Strong problem-solving skills, accountability, and a continuous learning mindset.
Fluency in English.

Nice To Haves

Experience integrating security controls and tooling into CI/CD pipelines, including alerting, scanning, ticket creation, and deployment gating.
Experience developing security automations using Python, PowerShell, Bash, or similar scripting languages.
Hands-on experience with OneTrust, including workflow management, evidence collection, and assessment reporting.
Experience conducting threat modeling and risk assessments using STRIDE methodology.

Responsibilities

Coordinate the deployment, configuration, testing, monitoring, and ongoing maintenance of security technologies, including SIEM, EDR, DLP, WAF, CASB, Secure Web Gateway, URL filtering, email security, and application/vulnerability scanning platforms.
Lead small-to-medium-sized security initiatives from requirements gathering through design, testing, pilot execution, and implementation.
Support proof-of-concept evaluations and product assessments to ensure proposed solutions align with security strategy, standards, and industry best practices.
Act as a service or tool owner by identifying enhancements, maintaining operational runbooks, and recommending improvements for tools under your responsibility.
Develop and maintain procedures, workflows, architecture diagrams, and operational playbooks that support security monitoring and engineering activities.
Investigate and triage security events using technologies such as SIEM, EDR, DLP, WAF, CASB, Secure Web Gateway, and email security solutions.
Detect, respond to, and support investigations of security incidents while documenting root-cause analysis and lessons learned.
Follow established incident response procedures and playbooks, escalating critical findings appropriately and efficiently.
Apply analytical and adversarial thinking to identify, protect, detect, respond to, and recover from common cyber threats and attack vectors.
Perform and support secure baseline reviews, infrastructure scanning, endpoint scanning, application vulnerability assessments, penetration testing validation, and AI red-teaming exercises.
Review vulnerability findings for accuracy and completeness while partnering with stakeholders to prioritize remediation efforts based on risk.
Escalate critical vulnerabilities, zero-day threats, and high-priority risks while supporting rapid mitigation efforts.
Contribute to continuous improvements in vulnerability management workflows through automation and the integration of security testing into CI/CD pipelines.
Conduct security risk assessments for internal initiatives, product enhancements, vendors, and productivity tools.
Perform STRIDE-based threat modeling for internal projects and AI-enabled solutions, producing actionable recommendations and clear risk reports.
Apply a risk-based approach to evaluating Agentic AI technologies and AI-related security risks.
Conduct vendor risk assessments within OneTrust and support broader third-party risk management activities.
Identify opportunities to strengthen controls, improve processes, and enhance security outcomes across teams.
Stay informed on emerging threats, technologies, and industry best practices, sharing relevant insights with colleagues and stakeholders.