
Senior Security Advisor – Incident Response
Intact
full-time
Location Type: Office
Location: Calgary • Canada
Salary
💰 CA$101,800 - CA$124,400 per year
About the role
- Lead end-to-end response for high-priority security incidents, including scoping, containment, eradication, recovery, and post-incident reviews
- Perform advanced investigations (endpoint forensics, network traffic analysis, identity and access, email security, and cloud platforms)
- Handle escalations from L2 Analysts and provide hands-on guidance during active incidents
- Maintain chain of custody and evidence integrity; establish and follow processes to preserve traceability
- Create clear, factual investigative reports and provide timely stakeholder updates tailored to technical and non-technical audiences
- Lead lessons-learned workshops and drive remediation and control improvements
- Contribute to playbook development and automation; identify opportunities to streamline triage and response
- Identify, assess, and report on security risks in line with internal policies and applicable regulations/standards
- Propose and track risk mitigation and remediation plans, balancing business impact and control effectiveness
- Analyze security solutions and recommend approaches that optimize risk reduction vs. cost
- Maintain Intact’s cybersecurity incident response plan and supporting procedures; contribute to broader cybersecurity plans and testing (e.g., tabletop exercises)
- Support Legal and HR on investigations (e.g., insider threat, fraud) and coordinate with Privacy/Compliance for potential regulatory notifications
- Partner with IT/Cloud/Network teams to validate containment and recovery actions and ensure durable fixes
- Provide mentorship and technical guidance to SOC analysts to develop their IR skills
- Participate in a scheduled on-call rotation to support 24/7 coverage for critical incidents
- Track and report SOC KPIs/KRIs (e.g., MTTD, MTTR, detection efficacy, containment time) and contribute to continuous improvement initiatives.
Requirements
- Bachelor’s degree in computer science, information security, engineering or any combination of equivalent education and experience
- 10+ years of experience in Information Technology with at least 5 years dedicated to Information Security, including hands-on SOC/Incident Response experience
- Deep knowledge of information security principles, incident response processes, and digital investigation concepts (e.g., chain of custody, evidence handling)
- Proficiency with security platforms (SIEM, SOAR, EDR/XDR, Digital Forensics, Network security and traffic analysis, Cloud security investigation in AWS/Azure/GCP, and Identity and Access investigation tools)
- Strong understanding of common vulnerabilities and attacker techniques (SANS, OWASP Top 10, CSA, MITRE ATT&CK)
- Certifications: one or more of CISSP, CISM, CISA, CGEIT, CRISC, GSEC, GISP (asset)
- Incident response/forensics/threat intel: GCIH, GCFA/GCFE, GCTI, GNFA, Azure/AWS security certs (asset)
- Certified Fraud Examiner (CFE) or equivalent training (asset)
- Strong ethical principles and sound judgement; understanding of security and business ethics
- Excellent written and verbal communication; ability to translate technical findings for varied audiences
- Analytical, critical thinker with a positive attitude, team spirit, and commitment to continuous learning
- Ability to lead during high-pressure incidents and coordinate across multiple teams
- For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country
- No Canadian work experience required; however, candidates must be eligible to work in Canada.
Benefits
- Flexible work arrangements and a hybrid work model
- Possibility to purchase up to 5 extra days off per year
- Multiple benefits offered to support physical and mental wellbeing, including telemedicine, Wellness account and much more
- Share plan & other savings: up to 12% of salary or even more
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
incident response, endpoint forensics, network traffic analysis, cloud security investigation, digital forensics, risk mitigation, vulnerability assessment, evidence handling, security principles, incident response processes
Soft Skills
communication, analytical thinking, critical thinking, team spirit, leadership, mentorship, judgment, adaptability, continuous learning, bilingualism
Certifications
CISSP, CISM, CISA, CGEIT, CRISC, GSEC, GISP, GCIH, GCFA, Certified Fraud Examiner