Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
Clio - Cloud-Based Legal Technology

Senior CorpSec Analyst

Clio - Cloud-Based Legal Technology

Senior CorpSec Analyst at Clio, leading cybersecurity investigations and incident response initiatives. Protecting the organization from internal and external threats while improving operational quality and efficiency.

Posted 7/8/2026full-timeVancouver • 🇨🇦 CanadaSenior💰 CA$104,500 - CA$141,500 per yearWebsite

Tech Stack

Tools & technologies
Python

About the role

Key responsibilities & impact
  • Lead investigations and incident response for medium- and high-severity security events — phishing campaigns, insider risk, compromised accounts, data-loss concerns — owning the response from triage through resolution and post-incident review.
  • Own detection engineering across the corporate security stack — tune DLP, EDR, phishing templates, remediations, and SSO/IdP signals; build correlation rules; reduce false-positive rates without sacrificing coverage.
  • Drive root-cause analysis after incidents and near-misses, then translate findings into durable runbook, control, and tooling changes.
  • Build and maintain automations and integrations that move work left — auto-remediation playbooks, signal enrichment, evidence collection pipelines.
  • Define, document, and evolve internal incident response playbooks for insider threat, compromised device, and data-loss scenarios.
  • Partner with the Manager, CorpSec on tooling decisions — evaluate, configure, and operate platforms across EDR, DLP, phishing, SIEM, and SOAR.
  • Tune and evolve security tooling for AI detection — address risks of unauthorized data movement, agentic workflows, and the lethal trifecta.
  • Drive correlation and visibility capability across Clio's security stack so detection and investigation stay timely as the company continues to grow.
  • Act as incident commander on high-severity events — coordinate response across respective teams, as needed; communicate clearly to stakeholders during and after.
  • Raise the operational bar of the team — coach junior analysts, review their investigations, share patterns and gotchas, and write documentation, scripts, and/or automations for others to learn from.
  • Identify operational health problems before they become incidents — propose, prioritize, and execute the work to close gaps.
  • Drive cross-team initiatives that no single team owns — DLP policy refinement, MDM coverage, audit log centralization, AI tooling guardrails.
  • Support security compliance requirements for SOC 2, ISO 27001, GovRAMP, and PCI-DSS — own and design technical evidence pipelines, not just one-off collection.
  • Maintain Clio trust by communicating transparently and proportionately — we design to protect, not to surveil.

Requirements

What you’ll need
  • 5–8 years of hands-on experience in security operations, detection engineering, or incident response.
  • Deep hands-on experience with at least three of: EDR, DLP, Phishing platforms, SIEM, or Google Workspace security controls — you've configured, tuned, and operated them in production.
  • Demonstrated experience leading security incidents end-to-end — you've been the incident commander, not just a contributor.
  • Track record of root-cause investigation — you fix the problem, not the symptom, and translate the fix into a durable control or automation.
  • Strong written communication — your runbooks, post-incident reviews, and decisions are easy to follow for engineers outside CorpSec.
  • Demonstrated ability to coach or mentor more junior analysts — you raise the bar of those around you, not just your own.
  • Comfort with ambiguity — you can take an open-ended problem ("our DLP signal-to-noise is bad") and produce a concrete, prioritized plan.
  • A healthy curiosity to look for the why and fix the problem rather than the symptom.
  • Experience using, observing, and securing AI systems, platforms, and agents.
  • Growth mindset when it comes to process improvement and new technologies, especially AI.
  • Preferred Experience designing or operating SIEM or detection-as-code pipelines.
  • Experience contributing to security compliance programs including SOC 2, ISO 27001, GovRAMP, or FedRAMP.
  • Scripting fluency (Python, Bash, PowerShell) for automating investigation, evidence collection, and remediation.
  • Industry certifications such as CISSP, CISM, GCIH, GCIA, or CompTIA Security+.
  • Comfortable jumping onto due-diligence calls if Compliance requires assistance with customer Risk Interviews.

Benefits

Comp & perks
  • Competitive, equitable salary with top-tier health benefits, dental, and vision insurance
  • Hybrid work environment, with expectation for local Clions (Vancouver, Calgary, Toronto, Dublin, London, New York City and Sydney) to be in office min. twice per week.
  • Flexible time off policy, with an encouraged 20 days off per year.
  • $2000 annual counseling benefit
  • RRSP matching and RESP contribution
  • Clioversary recognition program with special acknowledgement at 3, 5, 7, and 10 years

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
Incident ResponseDetection EngineeringRoot-Cause InvestigationAutomationSecurity Tooling TuningDLP ConfigurationEDR OperationSIEM ManagementPhishing Platform ManagementScripting (Python, Bash, PowerShell)
Soft Skills
Strong Written CommunicationCoaching and MentoringComfort with AmbiguityCuriosityGrowth Mindset
Certifications
CISSPCISMGCIHGCIACompTIA Security+