As the Team Lead, Information Security Operations, you will provide technical and operational leadership for security monitoring, detection, and incident response capabilities. You will serve as the primary escalation point for security incidents, guide and mentor SOC analysts, and ensure consistent, high-quality investigation and response outcomes.
This role is accountable for effectively driving detection and monitoring maturity across the environment, ensuring threats are detected early, alerts are actionable, and investigations are supported by reliable and sufficient security telemetry. You will continuously assess detection coverage against the evolving threat landscape, validate logging and visibility across systems, and lead improvements that strengthen the organization’s overall security posture.
You will also act as a trusted security advisor across enterprise initiatives, audits, and risk discussions, balancing hands-on incident leadership with strategic oversight to support the confidentiality, integrity, and availability of sensitive information.
HERE’S HOW YOU’LL CONTRIBUTE:
- Lead day-to-day SOC operations and act as the primary escalation point for complex and high-severity security incidents in a hybrid environment (On Prem and Cloud), ensuring timely and effective response.
- Proactively assess threat intelligence and emerging attack techniques, identifying where new or enhanced detections are required.
- Govern security logging and telemetry standards, ensuring logs are onboarded, sufficient, and fit for purpose to support effective detection, investigation, and response.
- Optimize and manage security tools and platforms, including tuning detections, improving signal quality, and enabling the team to effectively leverage technology for investigations and response.
- Act as a security subject matter expert across enterprise initiatives, collaborating with business and technical teams to embed security controls, assess risks, and ensure alignment with organizational policies and frameworks.
- Lead post-incident reviews and translate lessons learned into improved detections, playbooks, and monitoring outcomes.
HERE’S WHAT YOU’LL BRING:
- Bachelor’s degree in Computer Science, Information Technology, or a related field, with 5–8 years of experience in Security Operations or a similar capacity, including experience leading SOC functions, mentoring analysts, and supporting high-severity incident response.
- Proven experience responding to security incidents in a hybrid environment (On Prem and Microsoft Azure), including investigations involving Entra ID (Azure AD), Microsoft Sentinel, Defender for Cloud, identity compromise, cloud workload threats, and misconfigurations.
- Strong understanding of security monitoring and detection capabilities across SIEM, EDR/XDR, SOAR, UEBA, and network- and host-based detection, with the ability to assess logging sufficiency, signal quality, and detection coverage to support effective investigations.
- Solid understanding of attacker techniques, vulnerabilities, and exploitation methods, with a proactive, problem-solving mindset to identify detection gaps, anticipate emerging threats, and continuously improve SOC effectiveness.
- Demonstrated ability to operate effectively in high-pressure environments, rapidly synthesize information, and make sound decisions, with a strong commitment to continuous learning, mentoring analysts, and maturing SOC processes, playbooks, and operations.
- Strong deductive reasoning, critical thinking, problem-solving, and prioritization skills.
- One or more senior security certifications such as CISSP, GIAC certifications (e.g., GCIH, GCED, GCIA, or GCIR) and Microsoft security certifications such as SC-200 or AZ-500, or a demonstrated commitment to achieving them.
- Solid understanding of frameworks, standards, and assessments such as ISO 27001, SOC 2, PCI, NIST.
Total Direct Compensation:
$137,200 to $146,900 CAD
Any pay range is in $CAD. The stated pay range reflects the total expected compensation for this role (e.g., base pay plus any expected incentives or allowances, where applicable).