Threat Detection and Response Analyst
2 days ago
Wavelo is a SaaS business on a mission to make telecoms a breeze.
We provide flexible software that modernizes how communication service providers (CSPs) do business, helping them drive more value, focus on customer experience, and scale their operations faster.
As part of Tucows (NASDAQ:TCX, TSX:TC)—one of the world's largest Internet services companies—Wavelo is backed by outstanding resources and talent. We embrace a people-first philosophy that is rooted in respect, trust, and flexibility. We believe that whatever works for our employees is what works best for us. It's also why the majority of our roles are remote-first, meaning you can work from anywhere you can connect to the Internet.
The work we do genuinely changes lives. If this sounds exciting, we'd love to hear from you.
About the Opportunity
As a Threat Detection and Response Analyst, your primary focus will be to proactively identify, investigate, and mitigate advanced threats within Tucows' environment. You will be part of the larger Information Security team, playing a key role in detecting and responding to sophisticated adversaries that evade traditional security controls across our complex environments.
You will collaborate with cross-functional teams to strengthen our defenses, enhance detection capabilities, and ensure compliance with established security frameworks and policies. This role requires participation in our 24/7 on-call rotation for incident response.
You'll thrive in this role if you enjoy deep technical investigation, pattern recognition, and staying ahead of evolving cyber threats.
This is a remote position for applicants based in Canada or USA.
Job Duties
Perform cybersecurity threat detection, analysis, and mitigation as part of a global, around-the-clock security team.
Perform proactive threat hunting across Tucows' systems, networks, and cloud environments to detect hidden or emerging adversarial activity.
Investigate potential security incidents using a wide range of tools, logs, and techniques across cloud and on-premise environments.
Collaborate with other Security Analysts and Security Engineering personnel to triage, contain, and remediate identified threats.
Develop and tune custom detection rules, scripts, and playbooks to improve threat visibility and response effectiveness.
Design, build, and maintain scalable detection logic across SIEM and EDR platforms.
Conduct proactive threat hunting to detect potential adversary activity within the environment.
Design, test, and improve security detections, playbooks, and automation workflows to enhance response capabilities and reduce detection gaps.
Review and triage alerts and logs, escalating significant incidents.
Monitor external service providers for suspicious activity or potential security events.
Perform continuous analysis of threat intelligence, tactics, techniques, and procedures (TTPs) to anticipate attacker behavior.
Utilize Cyber Threat Intelligence sources and workflows to augment detection and response.
Document and communicate findings with clear technical and business context, recommending long-term preventive actions.
Contribute to purple team exercises, attack simulations, and post-incident reviews to enhance defense-in-depth capabilities.
Mentor junior analysts and foster a culture of curiosity, learning, and shared security ownership.
Deep understanding of adversary tradecraft, the MITRE ATT&CK framework, and modern threat landscapes.
Experience with SIEM, EDR, and cloud-native detection tools (e.g., CrowdStrike, AlienVault, AWS GuardDuty, Azure Defender, Elastic, etc.).
Strong analytical and investigative mindset with the ability to connect technical indicators to strategic insights.
Familiarity with scripting languages (Python, PowerShell, etc.) for automating hunts and data analysis.
Knowledge of network protocols, operating system internals, and log analysis.
Excellent written and verbal communication skills with the ability to translate complex findings into clear risk narratives.
Demonstrated ability to work both independently and collaboratively in a fast-moving environment.
Bachelor's degree in Cybersecurity, Computer Science, or a related field (or equivalent experience).
5–8 years of experience in cybersecurity, including 3+ years focused on threat hunting, detection engineering, or incident response.
Relevant certifications are a plus (e.g., GCFA, GCTI, GNFA, OSCP, or equivalent).
The base salary range for this position is $114,300 - $127,000 USD for US residents OR $118,260 - $131,2400 CAD for Canadian residents. Other countries will differ. Range may vary on a number of factors including, but not limited to: location, experience and qualifications. Tucows believes in a total rewards offering that includes fair compensation and generous benefits. Learn more about Tucows Benefits.
Want to know more about what we stand for? At Wavelo and Tucows we care about protecting the open Internet, narrowing the digital divide, and supporting fairness and equality.
We also know that diversity drives innovation. We are committed to inclusion across race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status or disability status. We celebrate multiple approaches and diverse points of view.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request an accommodation.
Tucows and its subsidiaries participate in the E-verify program for all US employees.
Learn more about Tucows, our businesses, culture and employee benefits on our site here.