JSOC - Senior Cybersecurity Specialist - Incident Response

Questrade Financial Group•Toronto, ON

32d•Hybrid

About The Position

Questrade Financial Group (QFG), through its companies - Questrade, Inc., Questrade Wealth Management Inc., Community Trust Company, Zolo, and Flexiti Financial Inc., provides securities and foreign currency investment, professionally managed investment portfolios, mortgages, real estate services, financial services and more. Questrade uses cutting-edge technologies to develop innovative products that give customers better, more affordable ways to take control of their money. We are everything a traditional financial institution is not. At QFG, you will be constantly moving forward, bringing the future of fintech into existence. You will be a part of a collaborative team that cares deeply about our mission and each other. Your team members will help you conquer challenges, push boundaries and discover what you are truly capable of. At QFG, we have a culture of innovation where technology serves people—both our team and our customers. We see AI as a collaborative and transformative enabler, and we are seeking forward-thinking individuals who can effectively integrate it into their daily work. The ideal candidate will be a catalyst for change, helping us use AI to create a more efficient and rewarding employee experience while also developing cutting-edge solutions that delight and serve our customers. Join us in shaping a future where AI empowers our team to do their best work and helps us deliver unparalleled customer experiences. This is a place where you can explore, discover and learn with continuous growth. As a diverse and inclusive place to work, with a hybrid working environment you can unleash your creativity and curiosity with no limits. If you share the same sense of infinite possibility, come shape your future at QFG. What’s in it for you as an employee of QFG? Health & wellbeing resources and programs Paid vacation, personal, and sick days for work-life balance Competitive compensation and benefits packages Work-life balance in a hybrid environment with at least 3 days in office Career growth and development opportunities Opportunities to contribute to community causes Work with diverse team members in an inclusive and collaborative environment We’re looking for our next Senior SOC Specialist. Could It Be You? Your contribution delivering sustainable and measurable results in the following areas will be very important: Identifying and responding to cyber threats - safeguarding our company's infrastructure and data. You will be primarily involved in supporting the alert development cycle, triaging and investigating alerts, managing the full incident response lifecycle (investigation, containment, eradication, and recovery) and collecting and tracking metrics for reporting. You will be working alongside internal customers and our vendor support teams to ensure we are utilizing our security tools in accordance with corporate policies and growing business needs. You will work closely with Cybersecurity and IT teams to align priorities and execute plans for new initiatives, as well as contribute to process improvements and build documentation for new tools.

Requirements

5+ years of relevant experience in performing Cybersecurity Incident Response and Threat Hunting activities in a complex incident management or Security Operations Center environment.
Experience in the creation and fine-tuning of detection rules.
Practical experience integrating security tools via APIs for automation, and familiarity with Security Orchestration, Automation, and Response (SOAR) concepts.
Experience with complex investigations and incident response using EDR tools such as CrowdStrike Falcon and SIEM tools such as Elastic Security (KQL, ESQL, Timeline analysis).
Experience with forensic triage (disk, memory, network) and multiple operating systems (Mac, Linux, Windows).
Experience with building SOC processes, playbooks, SIEM correlation rules, and incident reports.
Proven experience in incident management and communication under pressure.
Knowledge of programming languages such as Python, JavaScript and others.
Knowledge of NIST Cybersecurity Framework, MITRE ATT&CK.
Knowledge of security products and device monitoring tools including Firewalls, IDS/IPS, Phishing and e-mail security, content filtering, DDoS, WAF, and more.

Nice To Haves

GCIH, GCED, CCFR, HTB CDSA, GCFA, CHFI or similar relevant certifications.

Responsibilities

Mentor and provide technical guidance to junior SOC analysts.
Monitor, analyze and report possible cybersecurity attacks.
Investigate and perform analysis of threat indicators.
Gather Indicators of compromise and any relevant data to use with threat hunting activities.
Leverage security tools (Elastic, CrowdStrike and more) for analysis to identify malicious activities.
Analyze identified malicious activity to determine Tactics, Techniques and Procedures.
Conduct research, analysis and correlate gathered data from various resources to determine the impact of the incident.
Execute containment and eradication actions following established playbooks.
Participate in on-call and hands-on scheduled shift rotations, including outside of business hours.
Coordinate Security Incident Response and investigation with other internal teams and 3rd party providers.
Document incident timelines, evidence, and actions taken for post-incident review.
Perform post-incident reviews and produce lessons-learned reports.
Maintain and improve incident response playbooks and runbooks.
Participate in tabletop exercises and IR simulations.
Provide proactive security investigation and searches on corporate environments to detect malicious activities.
Maintain up-to-date understanding of security threats, countermeasures, security tools, cloud security and SaaS technologies.
Maintain technical proficiency through training, keeping up with industry best practices, and security frameworks.
Communicate investigation findings and risk posture to technical and non-technical stakeholders.
Own and report on SOC operational metrics (MTTD, MTTR, alert fidelity).