Security Incident Response Analyst, Tier II

4 days ago


Toronto, Canada Interac Corp. Full time

**Security Incident Response Analyst, Tier II**

At Interac, we design and deliver products and solutions that give Canadians control over their money so they can get more out of life. But that’s not all. Whether we’re leading real-time money movement, driving innovative commerce solutions like open payments for transit systems, or making advancements in new areas like verification and open banking, we are playing a key role in shaping the future of the digital economy in Canada.

The Security Incident Response Analyst, Tier II will be responsible for providing expert-level analysis, incident response, and strategic guidance within the Security Incident Management Team. This position plays a key role in monitoring, investigating, and responding to security events and incidents that may impact the confidentiality, integrity, or availability of our systems and services.

for overseeing the development, implementation, and management of comprehensive Insider Threat strategies and programs. This individual will play a critical role in identifying, assessing, mitigating, and responding to risks posed by trusted insiders—employees, contractors, or partners—who might intentionally or unintentionally cause harm to the organization.

**You'll be responsible for**:

- **Incident Detection & Analysis**
  - Monitor and investigate alerts from SIEM, EDR, and other security platforms.
  - Perform triage of events and escalate based on severity and impact.
- **Incident Response & Coordination**
  - Respond to and contain security incidents under the guidance of senior analysts or incident leads.
  - Support evidence gathering and documentation during incident investigations.
  - Coordinate with internal IT, business units, and senior cybersecurity staff during incidents.
- **Threat Analysis & Hunting (Supporting Role)**
  - Assist with basic threat hunting activities, using known indicators and behavioral patterns.
  - Leverage threat intelligence to contextualize incidents and alerts.
- **Forensics & Recovery Support**
  - Preserve logs and artifacts for deeper analysis or legal needs, following chain-of-custody procedures.
- **Detection Tuning & Tooling**
  - Recommend and implement improvements to alert logic, detection rules, and response playbooks.
  - Contribute to the development of automated responses and investigation workflows.
- **Collaboration & Continuous Improvement**
  - Document and report on incidents, lessons learned, and remediation follow-ups.
  - Participate in tabletop exercises and post-incident reviews.
  - Collaborate with Tier I analysts and mentor junior staff as appropriate.
  - Contribute to and support the implementation of access control mechanisms that enforce privilege and ensure that access to sensitive data is restricted to authorized individuals.
  - Other Security Incident Management duties as assigned.

**You bring**:

- **Experience**
  - 3-5 years of cybersecurity experience, with at least 1-2 years in security operations or incident response.
  - Experience using tools such as Splunk, CrowdStrike, SentinelOne, or QRadar.
  - Understanding of attack vectors (e.g., phishing, malware, lateral movement) and frameworks such as MITRE ATT&CK, Cyber Kill Chain, NIST 800-61, and the threat intelligence lifecycle.
  - Familiarity with cloud environments (Azure, AWS) is an asset.
  - Experience working in or supporting a SOC environment.
- **Education & Certifications**
  - Degree or diploma in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
  - One or more of the following certifications (or actively pursuing):
    - Security+, Network+, or similar foundational certifications
- **Skills & Competencies**
  - Strong analytical and troubleshooting skills.
  - Effective communicator, able to write clear reports and escalate issues effectively.
  - Familiarity with NIST 800-61, Cyber Kill Chain, or similar response frameworks.
  - Exposure to scripting (e.g., PowerShell, Python) for investigation and automation is a plus.
  - Practical threat hunting experience using SIEM, EDR, NDR, and threat intelligence platforms.
  - Familiarity with regulatory environments relevant to Canadian financial institutions (e.g., OSFI, PIPEDA, PCI DSS, SOC 2).
  - Experience with insider threat frameworks (CERT, NITTF) and security best practices.
  - Experience with or knowledge of offensive tactics such as network reconnaissance, software and service exploitation, backdoors, malware usage, and data exfiltration techniques.
  - Experience with or knowledge of defensive tactics, including detailed knowledge of network communication, extensive knowledge of IDS operation and mechanics, IDS signatures, and statistical detection.
  - Experience with or knowledge of malware analysis; must be able to perform a higher level of malware analysis, both dynamic and static.
  - Experience with or exposure to host-based forensics, including hard drive and file system forensics, memory forensics, and incident timeline creation. Knowledge on how to pre
