DFIR Lead

1123749
  • Job type: Permanent
  • Location: Canada
  • Profession: Cyber
  • Industry: Technology & Internet Services
  • Pay: $150,000 - $185,000

Leading ransomware and BEC response at scale.

We’re partnering with a cybersecurity-focused organization seeking an experienced DFIR Lead to join their growing team. This role is well suited for senior DFIR professionals who perform well in high-pressure environments, lead complex investigations, and focus on the development and maturation of incident response capabilities. This is a fully remote, full-time opportunity for candidates who are legally authorized to work in Canada.


About the Role
As the DFIR Lead, you will serve as the primary escalation point for all digital forensics and incident response activities across the organization. You will oversee end-to-end investigations, lead post-breach remediation efforts, refine incident response methodologies, and support the ongoing development of internal IR processes. This is a hands-on technical leadership role requiring deep expertise across incident response, digital forensics, EDR, threat analysis, and security best practices. You will work closely with cross-functional teams including SOC, Sales, and external partners to ensure consistent execution and continuous improvement of DFIR capabilities.


Responsibilities
  • Act as the central escalation point for all incident response activities, including triage, IOC identification, escalation, and post-incident actions
  • Lead complex technical investigations involving packet capture, traffic analysis, and advanced troubleshooting
  • Contribute to the development and enhancement of CERT and machine investigation lifecycles
  • Develop, maintain, and document incident response methods, policies, procedures, and best-practice guidelines
  • Create and maintain a detailed Incident Response runbook covering tools, forensic techniques, and investigative workflows
  • Conduct live endpoint and offline forensic investigations, including evidence collection and remediation recommendations
  • Implement and operationalize an incident response-focused ticketing system to improve tracking, reporting, and metrics
  • Collaborate with third-party partners on investigations, business email compromise cases, post-breach remediation, and security improvements
  • Produce incident response metrics and reporting
  • Mentor team members on DFIR methodologies and forensic techniques
  • Support Sales and SOC teams in transitioning IR, PBR, RMS, and eDiscovery engagements into long-term SOC services
  • Develop and present technical investigation reports for clients and KPI dashboards for senior leadership
  • Participate in a 24x7/365 incident response rotation for critical escalations and root-cause analysis


Qualifications
  • 4–6+ years of hands-on incident response experience
  • Hands-on experience responding to ransomware incidents and business email compromise (BEC) investigations
  • Experience conducting incident response tabletop exercises
  • Strong experience deploying and managing EDR technologies
  • Knowledge of security frameworks, including NIST
  • Proven experience developing and implementing IR methodologies and processes
  • Hands-on experience with live endpoint investigations and forensic analysis across on-prem and cloud environments
  • Strong familiarity with DFIR tools and investigative methodologies
  • Broad technical knowledge across operating systems, virtualization, networking, firewalls, VPNs, SIEM, gateways, and related security technologies
  • Experience mentoring team members or delivering internal training
  • Ability to support operations across three regions as required
  • Understanding of penetration testing fundamentals is an asset
  • Bilingual (English/French) is considered a strong asset


Benefits
  • Paid Time Off
  • Wellness Leave
  • Birthday Day Off
  • Health Benefits
  • RRSP Program

This posting is for an existing vacancy with the organization.

AI may be used to screen, assess or select applicants for the position.



Talk to Casey Thompson, the specialist consultant managing this position

Located in Toronto (EN), 8 King Street East, 20th Floor. Telephone: 4378262564