FREE ACCESS
5,000–10,000 jobs/day

See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

Senior CorpSec Analyst
Clio - Cloud-Based Legal TechnologySenior CorpSec Analyst at Clio, leading cybersecurity investigations and incident response initiatives. Protecting the organization from internal and external threats while improving operational quality and efficiency.
Tech Stack
Tools & technologiesPython
About the role
Key responsibilities & impact- Lead investigations and incident response for medium- and high-severity security events — phishing campaigns, insider risk, compromised accounts, data-loss concerns — owning the response from triage through resolution and post-incident review.
- Own detection engineering across the corporate security stack — tune DLP, EDR, phishing templates, remediations, and SSO/IdP signals; build correlation rules; reduce false-positive rates without sacrificing coverage.
- Drive root-cause analysis after incidents and near-misses, then translate findings into durable runbook, control, and tooling changes.
- Build and maintain automations and integrations that move work left — auto-remediation playbooks, signal enrichment, evidence collection pipelines.
- Define, document, and evolve internal incident response playbooks for insider threat, compromised device, and data-loss scenarios.
- Partner with the Manager, CorpSec on tooling decisions — evaluate, configure, and operate platforms across EDR, DLP, phishing, SIEM, and SOAR.
- Tune and evolve security tooling for AI detection — address risks of unauthorized data movement, agentic workflows, and the lethal trifecta.
- Drive correlation and visibility capability across Clio's security stack so detection and investigation stay timely as the company continues to grow.
- Act as incident commander on high-severity events — coordinate response across respective teams, as needed; communicate clearly to stakeholders during and after.
- Raise the operational bar of the team — coach junior analysts, review their investigations, share patterns and gotchas, and write documentation, scripts, and/or automations for others to learn from.
- Identify operational health problems before they become incidents — propose, prioritize, and execute the work to close gaps.
- Drive cross-team initiatives that no single team owns — DLP policy refinement, MDM coverage, audit log centralization, AI tooling guardrails.
- Support security compliance requirements for SOC 2, ISO 27001, GovRAMP, and PCI-DSS — own and design technical evidence pipelines, not just one-off collection.
- Maintain Clio trust by communicating transparently and proportionately — we design to protect, not to surveil.
Requirements
What you’ll need- 5–8 years of hands-on experience in security operations, detection engineering, or incident response.
- Deep hands-on experience with at least three of: EDR, DLP, Phishing platforms, SIEM, or Google Workspace security controls — you've configured, tuned, and operated them in production.
- Demonstrated experience leading security incidents end-to-end — you've been the incident commander, not just a contributor.
- Track record of root-cause investigation — you fix the problem, not the symptom, and translate the fix into a durable control or automation.
- Strong written communication — your runbooks, post-incident reviews, and decisions are easy to follow for engineers outside CorpSec.
- Demonstrated ability to coach or mentor more junior analysts — you raise the bar of those around you, not just your own.
- Comfort with ambiguity — you can take an open-ended problem ("our DLP signal-to-noise is bad") and produce a concrete, prioritized plan.
- A healthy curiosity to look for the why and fix the problem rather than the symptom.
- Experience using, observing, and securing AI systems, platforms, and agents.
- Growth mindset when it comes to process improvement and new technologies, especially AI.
- Preferred Experience designing or operating SIEM or detection-as-code pipelines.
- Experience contributing to security compliance programs including SOC 2, ISO 27001, GovRAMP, or FedRAMP.
- Scripting fluency (Python, Bash, PowerShell) for automating investigation, evidence collection, and remediation.
- Industry certifications such as CISSP, CISM, GCIH, GCIA, or CompTIA Security+.
- Comfortable jumping onto due-diligence calls if Compliance requires assistance with customer Risk Interviews.
Benefits
Comp & perks- Competitive, equitable salary with top-tier health benefits, dental, and vision insurance
- Hybrid work environment, with expectation for local Clions (Vancouver, Calgary, Toronto, Dublin, London, New York City and Sydney) to be in office min. twice per week.
- Flexible time off policy, with an encouraged 20 days off per year.
- $2000 annual counseling benefit
- RRSP matching and RESP contribution
- Clioversary recognition program with special acknowledgement at 3, 5, 7, and 10 years
ATS Keywords
✓ Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Incident ResponseDetection EngineeringRoot-Cause InvestigationAutomationSecurity Tooling TuningDLP ConfigurationEDR OperationSIEM ManagementPhishing Platform ManagementScripting (Python, Bash, PowerShell)
Soft Skills
Strong Written CommunicationCoaching and MentoringComfort with AmbiguityCuriosityGrowth Mindset
Certifications
CISSPCISMGCIHGCIACompTIA Security+