Senior Cyber Security Specialist

Vancouver, WA, United States

Our Story: It's no surprise that our story is a little unconventional. After all, Papa Murphy's brought an entirely new approach to the pizza industry. But our unique idea is a simple one. We focus on using quality ingredients, prepared fresh daily, to offer our guests everyday meal solutions to take 'n' bake at home with ease. That commitment to quality and creativity extends beyond just our delicious and craveable products. At Papa Murphy's it is our mission to create a culture of collaboration, accountability, and inclusion. Because we know that what makes us great isn't just what we make, it's what we make together.

Reporting directly to the Senior Manager of Security Operations, the Senior Cybersecurity Specialist (FTE) will be a key contributor to the MTY Global IT team supporting 90+ brands across Canada and the United States. This position will support MTY's Security Operations and Vulnerability Management functions.

This position is being recruited through the Papa Murphy's International subsidiary of MTY Food Group, a publicly traded company listed on the Toronto Stock Exchange ("MTY"). MTY's family of 80+ restaurant brands includes mainstays such as Cold Stone Creamery, Famous Dave's, and Papa Murphy's.

Responsibilities

Security Operations

* Proactively hunt for threats in the enterprise environment

* Leverage security technologies (SIEM, EDR, IDS/IPS, NGFW) to identify IOCs or evidence of TTPs

* Collaborate with enterprise IT staff to perform analysis and remediate incidents

* Develop and maintain incident handling procedures and incident response playbooks

* Manage escalations from MSSPs, investigate findings, and bring incidents to resolution

* Lead incident response activities, including mitigation, remediation, root cause analysis, lessons learned, and incident report documentation

* Review open cases and provide follow-up that may be required

* Perform network and host forensics across Windows, Mac, and Linux platforms

Threat Intelligence and Detection

* Aggregate and analyze internal and external threat intelligence to identify relevant risks to the enterprise

* Map threat intelligence to MITRE ATT&CK and integrate findings into detection strategies

* Design and tune detection logic to identify abnormal user and system behavior

* Continuously review and optimize SIEM and EDR alerts to reduce false positives

* Collaborate with MSSPs and internal stakeholders to improve detection coverage and threat visibility

* Monitor dark web, threat feeds, and other sources for indicators of emerging threats affecting MTY's brands and infrastructure

 

Data Loss Prevention (DLP)

* Administer and maintain DLP policies, rules, and monitoring tools

* Investigate DLP incidents and assess the severity of data exposure or exfiltration risks

* Collaborate with legal, HR, and compliance teams on DLP incident handling and response

* Recommend and implement improvements to DLP program controls, classification rules, and policy enforcement

* Educate stakeholders and end users on data handling policies to reduce data leakage risks

Vulnerability Management

* Leverage Exposure Management Technology to monitor and assess the organization's attack surface across cloud, endpoint, and on-prem environments.

* Correlate exposure data with threat intelligence and business context to prioritize remediation efforts based on risk, exploitability, and asset criticality

* Collaborate with technical teams to interpret exposure insights, recommend mitigation strategies, and drive remediation or risk acceptance activities to closure

* Track and report on exposure trends, risk posture, and remediation progress through bi-weekly reports and dashboards.

* Continuously assess the organization's external and internal attack surface to identify unmanaged or misconfigured assets, emerging vulnerabilities, and security gaps.

* Maintain strong alignment with enterprise asset management efforts to ensure accurate visibility of exposed systems and their security states.

General Responsibilities

* Conduct investigations with a high degree of professionalism and confidentiality

* Build and maintain positive professional relationships across businesses and functions

* Serve as a trusted advisor to peers and leadership

* Stay current on industry trends and emerging threats

* Participate in cybersecurity projects and other duties as assigned

 

What you bring to the table:

Qualifications and Experience

* Expertise in threat management and incident response

* Proven experience utilizing SIEM platforms, EDR solutions, and IDS/IPS technologies to proactively hunt for threats and respond to identified threats

* Proven experience leading incident response efforts and investigations throughout various stages, from identification, triage, and remediation to incident closure

* Strong knowledge of network protocols and operating systems (Windows, Mac OS, Linux)

* User and Entity Behavior Analytics (UEBA) and anomaly detection technology like Microsoft Defender for Identity / Sentinel UEBA, Splunk UBA, and Exabeam Advanced Analytics

* Relevant experience conducting incident response in a cloud environment

* Hands-on experience analyzing network traffic, system logs, and application data

* Hands-on experience performing malware analysis and device forensics

* Familiarity with frameworks such as MITRE ATT&CK or Lockheed Martin Cyber Kill Chain

* Ability to continuously research emerging threats to IAM infrastructure and platforms, immediately assess and alert stakeholders to the presence of vulnerabilities

* Experience querying, analyzing, and working with vulnerability data

* Proficient in exposure/vulnerability management, tracking and remediation techniques

* Experience with vulnerability-adjacent processes like asset decommissioning, exception management, false positive suppression, etc.

* Skilled at recommending thoughtful remediation options for vulnerabilities based on the unique vulnerability categorization

* Skilled at delivering vulnerability reporting and analysis of remediation trends and risk

* Preferred: Certifications such as CISSP, Network+, Security+, GSEC, GCED, GCIA, GCIH, CEH, OSCP

What we bring to the table:

* Salary range: $120,000-$130,000. Actual offer may vary from posted hiring range based on location, work experience, and/or education.

* Competitive insurance benefits including medical, dental, vision, HSA, and FSA (dependent care/medical)

* Company paid life, accidental death & dismemberment, and long-term disability insurance

* Optional supplemental life, accidental death & dismemberment, and short-term disability insurance

* 401(k) retirement account with employer match and immediate vesting

* Paid time off accrual account (starts at 10 days per year, with an additional day added annually up to 20 days)

* 40 hours of accrued Paid Sick and Safe Time annually

* 10 paid holidays per year, plus an additional 2 floating holidays

* 8 Hours of Papa Cares Volunteer Hours per year

* Paid Parental Bonding Leave

* Tuition Assistance

* Employee Assistance Program

* 50% pizza discount at Papa Murphy's Company Stores

Please Note:

The intent of this job description is to provide a representation of the types of duties and responsibilities that will be required in this position and shall not be construed as a declaration of the total of the specific duties and responsibilities of any particular position. Employees may be directed to perform job-related tasks other than those specifically presented in this description.

 

Papa Murphy's International, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

 
