
Senior Security Operations Centre Analyst

Toronto, ON
  • Number of positions available : 1

  • To be discussed
  • Starting date : 1 position to fill as soon as possible


Job Title: Senior Security Operations Centre Analyst

Reports to: Manager, Security Operations


Status: Full time
Schedule: Monday – Friday
Additional Requirements: NA
Number of positions:
Start Date: ASAP
Internal Application Deadline: 23 June 2025

This vacancy is for an existing position.

Purpose of the Role

The Senior Security Operations Centre Analyst plays a critical role in the identification, investigation, and response to cybersecurity threats affecting LifeLabs systems and data. As a senior individual contributor within the Security Operations Centre (SOC), this role supports advanced threat detection, performs detailed incident response activities, and provides technical expertise in security monitoring, triage, and forensics. The analyst may mentor junior team members and help refine SOC tools and processes.

Your responsibilities will include:

Advanced Threat Detection and Analysis

  • Continuously monitor security alerts across SIEM, EDR, and threat intelligence platforms.
  • Analyze and correlate logs from various sources to identify potential threats and security incidents.
  • Differentiate between normal system behavior and actual security events to prioritize actions.
  • Use frameworks like MITRE ATT&CK to analyze attack vectors and potential impacts.
  • Recommend and implement adjustments to detection strategies based on new threat trends or attack patterns.
  • Conduct deep dives into APTs, malware behaviors, and other advanced threats to enhance detection capabilities.


Incident Response and Forensics

  • Act as a primary responder to high-severity security incidents, investigating alerts and incidents from detection to resolution.
  • Collect, preserve, and analyze forensic evidence (logs, files, network traffic) for incident analysis.
  • Identify the root cause of security breaches, including determining attack methods, techniques, and tools used.
  • Collaborate with IT and engineering teams to contain, eradicate, and recover from incidents.
  • Document all actions taken, findings, and analysis throughout the incident lifecycle.
  • Lead post-incident reviews and provide recommendations to prevent future occurrences.


Detection Engineering and Tool Enhancement

  • Work with the engineering team to build and refine detection rules and use cases in SIEM/EDR platforms.
  • Continuously tune detection rules to reduce false positives while maintaining high detection accuracy.
  • Validate and enhance data sources, ensuring critical assets are adequately monitored and logged.
  • Assist in the onboarding of new security tools and ensure their proper integration into the SOC workflow.
  • Identify gaps in monitoring and collaborate with teams to implement solutions for improved visibility.
  • Ensure that SOC tools (SIEM, EDR, SOAR, etc.) are up-to-date and aligned with the latest threat intelligence.


Knowledge Sharing and Operation Maturity

  • Document incident response playbooks, standard operating procedures (SOPs), and detection runbooks for SOC operations.
  • Share insights, threat research, and lessons learned with SOC peers to promote continuous improvement.
  • Provide mentorship to junior SOC analysts, guiding them through complex cases and helping them develop technical skills.
  • Conduct knowledge-sharing sessions or case study reviews to build team expertise.
  • Contribute to and participate in tabletop exercises, threat simulations, and incident response drills to improve operational readiness.


What you bring to the role:

  • Bachelor’s degree or Diploma in IT, Software Engineering, Computer Science, Engineering, Business Technology Management or any related technical field.
  • One or more relevant security certifications (LPT, OSCP, GWAPT, GWEB, GCIA, GSNA, GCIH, CISSP, CISM, CISA, CEH, GIAC, GPEN, GCED, Security+).
  • Minimum of 3+ years of direct experience in an information security role.
  • Ability to multitask in high-stress situations while ensuring that no details are missed.
  • Fluency in scripting languages such as PowerShell and Bash.
  • Experience building and securing infrastructure as code (CloudFormation, GitLab, Terraform, etc.).
  • Solid experience running security monitoring software such as DLP, IDS, IPS, etc.
  • Experience working in the healthcare industry is an asset.
  • Must have experience working in a Security Operations Centre.
  • Experience working through incident response processes as they relate to cybersecurity breaches.
