SIEM Engineer

• Work Location - 335 King Street East, Toronto, ON
• Employee Type - Regular Employee FT  Salaried
• Hybrid Work - This position currently follows a hybrid work schedule, subject to change. Employees are required to be in the office a minimum of three days per week (Tuesday, Wednesday, & Thursday), with the flexibility to work remotely on the remaining days. 
• Initial Posting Close Date - November 7, 2025

We are recruiting a SIEM Engineer to join our Cybersecurity team. In this role, you will be responsible for enhancing our organization's security operations through the integration of Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) capabilities, specifically utilizing Microsoft Sentinel. 

You will work closely with cross-functional teams to monitor, detect, and automate responses to security incidents, ensuring the organization's network, systems, and data are secure. Your expertise in SIEM and SOAR will be key in improving the efficiency of our security processes and reducing response times to incidents.

• Configure, manage, and optimize Microsoft Sentinel for security monitoring and event detection.
• Develop, fine-tune, and update detection rules and analytics using KQL (Kusto Query Language).
• Investigate and analyze security incidents, providing actionable insights and response strategies.
• Build and maintain automation playbooks within Microsoft Sentinel to orchestrate incident response and remediation actions.
• Integrate Sentinel with other security tools (e.g., firewalls, endpoint protection, threat intelligence platforms) to create automated workflows.
• Create and manage automated workflows to reduce manual intervention and improve response times.
• Monitor, update, and refine detection rules, playbooks, and automated responses to enhance efficiency.
• Develop and document incident response procedures, ensuring proper escalation processes and timely resolution of threats.
• Collaborate with cross-functional teams to ensure security monitoring and response strategies align with organizational goals.
• Ensure compliance with security policies, best practices, and regulatory requirements.

• College diploma and/or degree in Cybersecurity, Computer Science, Information Technology or a related field.
• Relevant certifications such as CISSP, CEH, SC-200, or AZ-500 are a plus.
• 3+ years of experience in security operations, with expertise in SIEM (preferably Microsoft Sentinel) and SOAR.
• Hands on experience with REST APIs
• Strong experience with Microsoft Sentinel, including the development of detection rules and queries using KQL.
• Strong understanding of cloud-based SIEM architecture and integration within Azure environments.
• Hands-on experience creating and maintaining SOAR playbooks for incident response automation.
• Familiarity with security operations tools such as firewalls, endpoint protection (e.g., CrowdStrike, Defender), and cloud security services.
• Experience with automation and scripting (Python, PowerShell) to enhance response capabilities.
• Excellent analytical skills with the ability to identify trends, detect potential threats, and automate responses.
• Strong communication skills to work with technical and non-technical teams to define and improve security processes.
• Knowledge of security frameworks (e.g. MITRE ATT&CK and MITRE D3FEND, NIST-CSF) and incident response best practices.
• Ability to manage multiple tasks in a fast-paced environment while maintaining attention to detail.
• Continuous Learning: Staying updated with the latest security trends and Microsoft Sentinel capabilities.

#LI-JB1

#CBSAS

About Us: Proudly Canadian and Independently Owned, We are Coke Canada

Coca-Cola Canada Bottling Limited is Canada's premier bottling company. We are an independently owned business encompassing over 5,800 associates, more than 50 sales and distribution centers, and 5 production facilities nationwide. For more information about Coke Canada Bottling, please visit

Important

All offers of employment at Coca-Cola Canada Bottling Limited ("Coke Canada Bottling") are conditional upon a successful background clearance obtained through our contracted third-party vendor. The standard clearance requirements depend on the position and may include some or all of the following: criminal clearance, employment verification, education verification and drivers abstract review. Please advise the Talent Acquisition team if you have any questions or concerns in regards to this once you are contacted for further consideration.

Coke Canada Bottling is committed to creating a diverse and inclusive workforce with several programs, policies and resources in place to support our people. For individuals requiring accommodations or support throughout the recruitment process please contact our Talent Acquisition Services team by calling or email