Analyst, Cyber Security

Analyst, Cyber Security - Vulnerability Management Join to apply for the Analyst, Cyber Security - Vulnerability Management role at Coca-Cola Canada Bottling Limited Employee Type - Regular Employee FT Salaried Hybrid Work - This position currently offers a hybrid work schedule. Subject to change. The in-office requirement is a minimum of three days per week (Tuesday, Wednesday & Thursday), with the flexibility to work remotely on the remaining days. Initial Posting Close Date - November 12, 2025 Work Location - Toronto, ON About This Opportunity We are seeking a Cybersecurity Analyst (Vulnerability Management) to join our Cybersecurity team. This key role within the Security Engineering group is responsible for maintaining and strengthening the organization’s security posture. The analyst leads the end-to-end vulnerability management lifecycle—from scanning and analysis to driving remediation—across our IT, Operational Technology (OT), and Application Security environments. The analyst plays a critical role in embedding security practices into development and infrastructure operations to reduce risk and ensure compliance with regulatory standards. Responsibilities Contribute to and execute the vulnerability management lifecycle across IT and OT environments, including regular scanning, analysis, prioritization, and tracking until closure. Support the management, configuration, and tuning of Application Security (AppSec) tooling, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) to proactively identify and manage risks in the Software Development Lifecycle (SDLC). Utilize and integrate threat intelligence feeds to enrich vulnerability data, allowing for risk-based prioritization focused on actively exploited or highly relevant threats. Perform periodic security configuration assessments against servers, network devices, and platforms to identify and remediate configuration drift and hardening deficiencies. Coordinate and collaborate with infrastructure teams to ensure timely and effective deployment of patches and updates across all managed assets, ensuring minimal operational impact. Partner with DevOps, Infrastructure (Infra), and Cloud teams to embed security as code, ensuring secure configurations and practices are maintained in CI/CD pipelines (DevSecOps). Support and track the remediation of security audit and compliance findings related to vulnerabilities, policy violations, and control gaps. Assist in the analysis and configuration review of network security controls, including Firewall configurations, to ensure security policies align with risk tolerance. Generate detailed and executive-level reports to demonstrate adherence to regulatory and internal security policies and frameworks. Create and maintain comprehensive technical documentation for vulnerability management procedures, tool configurations, standard operating procedures (SOPs), and risk treatment plans. Qualifications College diploma and/or degree in Cybersecurity, Computer Science, or a related technical field is required. A minimum of one foundational security certification is required, such as CompTIA Security+ or an equivalent credential. Relevant vendor or professional certifications such as AZ-500 (Azure Security Engineer), AZ-400 (Azure DevOps Engineer), AZ-104 (Azure Administrator), AZ-204 (Azure Developer), or GIAC certifications are an asset. 1–3 years of experience in Vulnerability Management or a related security role is required. Experience in OT or a strong understanding of the unique security and availability requirements for securing industrial control systems (ICS) is an asset. Knowledge of industry security frameworks and benchmarks, such as NIST, ISO frameworks, SOC 2, and CIS. Familiarity with the Microsoft Azure technology stack, including Microsoft Defender for Cloud (MDC), Data Loss Prevention (DLP), Defender for Endpoint/Email, and Azure DevOps with a focus on securing CI/CD pipelines, is preferred. Proficient documentation skills for technical procedures and reporting are required. Demonstrated ability as a good problem solver, good communicator (both written and verbal), and possessing a strong desire to learn and adapt to complex, evolving technologies is essential. About Us Coca-Cola Canada Bottling Limited is Canada’s premier bottling company. We are an independently owned business encompassing over 5,800 associates, more than 50 sales and distribution centers, and 5 production facilities nationwide. For more information about Coke Canada Bottling, please visit cokecanada.com. Important All offers of employment at Coca-Cola Canada Bottling Limited (“Coke Canada Bottling”) are conditional upon a successful background clearance obtained through our contracted third-party vendor. The standard clearance requirements depend on the position and may include some or all of the following: criminal clearance, employment verification, education verification and drivers abstract review. Please advise the Talent Acquisition team if you have any questions or concerns in regards to this once you are contacted for further consideration. Coke Canada Bottling is committed to creating a diverse and inclusive workforce with several programs, policies and resources in place to support our people. For individuals requiring accommodations or support throughout the recruitment process please contact our Talent Acquisition Services team by calling or email Referrals increase your chances of interviewing at Coca-Cola Canada Bottling Limited by 2x. Get notified about new Cyber Security Analyst jobs in Toronto, Ontario, Canada. #J-18808-Ljbffr