IT Security Analyst

Job DescriptionThis role is responsible for monitoring, analyzing, and responding to security threats across the organization’s Information Technology (IT) infrastructure. The Security Analyst will work closely with the IT team to identify vulnerabilities, mitigate risks, and enhance the overall security operations of the company. The performance of the duties must ensure a quality service approach to all employees, customers and suppliers. All responsibilities must be performed in a manner consistent with the Farm Boy Way.Major Responsibilities: Proactively monitor network traffic, systems, and security logs for suspicious activity.Monitor and investigate security alerts using Security Information and Event Management (SIEM) and endpoint tools.Experience in writing SIEM queries and creating workflows.Perform penetration tests on applications, networks, APIs, and cloud environments.Conduct vulnerability assessments, exploit validation, and proof-of-concept testing.Run red team/blue team exercises and incident response simulations.Develop detailed security assessment reports, including: vulnerability findings, risk analysis, and prioritized remediation recommendations.Assist in developing and enforcing security policies and controls.Stay informed about emerging attack techniques, exploits and security research.Utilize security tools and technologies to identify and analyze potential threats.Conduct incident response investigations to determine the root cause and scope of security breaches.Document incident response activities and developments for future reference.Provide technical support and guidance to other IT teams on security best practices.Analyze threat intelligence data to identify potential risks and inform security strategies.Generate regular reports on security incidents, threat trends, and the effectiveness of security measures.Contribute to the development and improvement of security policies, procedures, and standards.Implementing security measures, managing security tools, and ensuring compliance with cybersecurity policies and frameworks such as NIST, PCI-DSS, and CIS benchmarks.Respond after-hours to high priority or emergency IT security related events.May be required to undertake other related duties on a periodic basis.QualificationsTypically requires completion of post secondary education with an emphasis in Computer Science, Information Security or related field, plus a minimum of 3 years experience working in Cyber Security Operations, or an equivalent combination of education and experience.Strong understanding of network and system security concepts.Proficiency in using security tools and technologies (e.g., SIEM, EDR, IDS/IPS, firewalls, Email security gateway).Experience with penetration testing tools.Understanding of OWASP Top 10, MITRE ATT & CK, and common exploitation techniques.Strong reporting and communication skills (technical & non-technical audiences).Strong attention to detail and the ability to work under pressure.Knowledge working in a complex retail technology environment considered an asset.Excellent analytical and problem-solving skills.Strong time management and interpersonal skills.Completion of a criminal background check is a requirement for this position. Employment may be conditional upon a result that is determined to be satisfactory.Work & Sensory Environment:Ability to work on on-call rotations, including nights and weekends, to respond to security incidents outside of regular business hours.May be required to sit for long periods of time at workstation. May be required to lift objects up to 50 lbs. Providing service to several people or departments, working under many simultaneous deadlines. Possible exposure to eye strain from computer terminals. Must have access to a reliable vehicle to be able to travel to different sites, on occasion. Additional InformationAccommodation is available upon request for applicants and employees with disabilities.