Job Description
About the Role:
IFS Canada is hiring a Security Operations Analyst to help defend a hybrid environment — with a mix of legacy on-prem infrastructure and growing cloud-native services across AWS and Azure.
This is a hands-on role within our Security Operations team. You'll be responsible for building and refining detection logic, responding to incidents, and coordinating vulnerability remediation efforts. The ideal candidate is comfortable navigating across endpoint, network, and cloud contexts — and is curious enough to chase down leads others might miss.
You’ll also play a key role in ensuring our security controls and practices support compliance with ISO 27001, SOC 2, and other regulatory frameworks.
Who We’re Looking For:
We're seeking someone who’s curious by nature and analytical by default — the kind of person who asks “what else is this connected to?” after every alert. You enjoy exploring how systems work, breaking things in test environments, and tinkering with new detection ideas.
While this role is primarily defensive, we welcome candidates with an interest in red teaming, adversary emulation, or purple team activities. Over time, there’s potential to grow into a more proactive simulation-focused role — working with engineering teams to anticipate and test attacker behavior.
If you're passionate about building detections, breaking assumptions, and closing gaps, you’ll thrive here.
Key Responsibilities:
- Investigate and respond to alerts from SIEM, EDR, and cloud-native logging systems
- Correlate activity across identity, endpoint, network, and cloud data to detect threats
- Build, tune, and maintain detection logic using query languages and regular expressions
- Create and maintain investigation playbooks, detection documentation, and response templates
- Coordinate vulnerability management activities:
  - Work with IT and DevOps to validate, prioritize, and track remediation
  - Support compliance evidence collection for vulnerability closure
- Tune endpoint, firewall, and DNS protections based on evolving threat intelligence
- Contribute to detection gap analysis, threat modeling, and internal red team exercises
- Assist with enforcement of policies and evidence collection for ISO 27001/SOC 2 compliance
- Recommend improvements to logging, alerting, and monitoring pipelines








