Senior Cybersecurity Specialist - Incident Response

Senior Cybersecurity Specialist - Incident Response

Toronto, ON, Canada

Job Description

Posted Monday, April 7, 2025 at 4:00 AM

Questrade Financial Group (QFG), through its companies - Questrade, Inc., Questrade Wealth Management Inc., Community Trust Company, ThinkInsure, Zolo, and Flexiti, provides securities and foreign currency investment, professionally managed investment portfolios, mortgages, insurance, real estate services, financial services and more. Questrade uses cutting-edge technologies to develop innovative products that give customers better, more affordable ways to take control of their money.

As the fastest growing online brokerage in Canada, Questrade is committed to helping Canadians become much more financially successful and secure. Our vision is to revolutionize financial services by offering the most innovative and cost efficient financial services – including banking.

What’s it like working as a Senior Cybersecurity Specialist - Incident Response at Questrade?

Administration and management of the various cybersecurity tools used by the wider Joint Security Operations Centre team, such as Endpoint Detection & Response (EDR), Vulnerability Scanning, Attack Surface Management, Identifying and responding to cyber threats. Day to day activities include overseeing system upgrades and expanding capabilities, monitoring system health and troubleshooting system issues, ensuring asset coverage, and managing user access for these tools. You will be working alongside internal customers and our vendor support teams to ensure we are utilizing our security tools in accordance with corporate policies and growing business needs, providing metrics on the management of these systems and tickets addressed, and conducting monitoring and response activities. You will work closely with Cybersecurity and IT teams to align priorities and execute plans for new initiatives, as well as contribute to process improvements and build documentation for new tools.

• Monitor, analyze and report possible cybersecurity attacks.
• Investigate and perform analysis of threat indicators.
• Gather Indicators of compromise and any relevant data to use with threat hunting activities.
• Leverage security tools (SIEM, EDR, and more) for analysis to identify malicious activities.
• Analyze identified malicious activity to determine Tactics, Techniques and Procedures.
• Conduct research, analysis and correlate gathered data from various resources to determine the impact of the incident.
• Monitor and actively conduct investigations and analysis related to Cyber Threat Intelligence gathered from the internet and dark web related to threats facing the organization.
• Participate in on-call and hands on scheduled shift rotations including off business hours.
• Collaborate well and work with other cybersecurity and IT team members.
• Coordinate Security Incident Response and investigation with other internal teams and 3rd party providers.
• Conduct incident investigations using security tools and solutions (SIEM, EDR, firewalls, etc.).
• Complete Security Incident and Investigation reports.
• Onboard and monitor cloud environments (Azure, AWS, or GCP) into SIEM.
• Develop and document processes, operational procedures, and enhance playbook workflows.
• Deploy, manage and administer tools used by other cybersecurity teams related to endpoint protection, email security, vulnerability scanning, etc.
• Review enterprise security tools and controls to review system health, identify misconfigurations, and implement tuning recommendations per vendor best practices.
• Maintain existing or create new procedures and processes for administering and managing cybersecurity tools under the purview of the team.
• Respond to and address support tickets for our tools that arise from different end users and teams via the enterprise ticketing system.
• Provide proactive security investigation and searches on corporate environments to detect malicious activities.
• Maintain up-to-date understanding of security threats, countermeasures, security tools, Cloud Security and SaaS technologies.
• Maintain technical proficiency through training, keeping up with industry best practices, and security frameworks.
• Report on team metrics for the CISO leadership team and the IT & Cyber GRC team.
• Report on all applicable compliance related obligations.

So are YOU our next Senior Cybersecurity Specialist - Incident Response? You are if you have…

• 5+ years of relevant experience in performing Cybersecurity operations, Cybersecurity Threat Intelligence, Incident Response and Threat Hunting activities in a complex incident management or Security Operations Center environment.
• Knowledge of NIST Cybersecurity Framework, MITRE ATT&CK.
• Knowledge of creation and fine tuning SIEM use cases.
• Security monitoring experience with cybersecurity and SIEM technologies.
• Experience with building SOC processes, playbooks, SIEM correlation rules, and incident reports.
• Experience with threat hunting and security incident investigation.
• Knowledge of security products and device monitoring tools including Firewalls, IDS/IPS, Phishing and e-mail security, content filtering, DDoS, WAF, and more.
• Knowledge of incident investigation, working with in-house and vendor teams to research, identify and report on incidents.
• Knowledge of security incident management, malware analysis and vulnerability management processes.
• Strong technical and learning agility, able to adapt to constantly evolving threats, domains and technologies.
• Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
• Experience with the security logging and monitoring of cloud environments.
• Experience analyzing different data sets and preparing metrics and reports (e.g. Excel, Sheets, PowerBI).
• Experience with Atlassian products, especially JIRA and Confluence.
• Certified Ethical Hacker (CEH), Certified SOC Analyst (CSA), Computer Hacking Forensic Investigator (CHFI), EC-Council Certified Incident Handler (ECIH) or similar relevant certifications.
• Familiarity with programming languages such as Python, JS and others.
• Hands on technical expertise in the following types of tools: EDR, infrastructure vulnerability scanning, cloud based scanning, data loss prevention, external attack surface management, network scanning, incident response, SIEM, access management.
• Primarily be supporting PST time zones as a Cybersecurity Specialist on the evening shift, from 2 PM to 10 PM EST.

Sounds like you? Click below to apply! #LI-DM

At Questrade Financial Group of Companies, with multiple office locations around the world, we are committed to fostering a diverse, inclusive and accessible work environment. This is an environment where individuals are treated with dignity and respect. Here, the unique skills and experience you bring will be valued. You will be supported and motivated, so that you can harness your unlimited potential. Our team reflects the diversity of the communities we serve and operate in.