SOC Analyst Tier II
Interac Corp. Head Office, Canada
Interac Corp.
Discover more about everyday conveniences Interac can provide to make your life easier and payment solutions that can drive your business.
At Interac, we design and deliver products and solutions that give Canadians control over their money so they can get more out of life. But that’s not all. Whether we’re leading real-time money movement, driving innovative commerce solutions like open payments for transit systems, or making advancements in new areas like verification and open banking, we are playing a key role in shaping the future of the digital economy in Canada.
Want to make a lasting impact amongst a community of creative thinkers, problem solvers, technical gurus, and high-performance application developers? We want to hear from you.
The Security Incident Management Analyst (Tier II) will be responsible to provide expert-level analysis, incident response, and strategic guidance within the Security Incident Management Team. This position plays a key role in monitoring, investigating, and responding to security events and incidents that may impact the confidentiality, integrity, or availability of our systems and services.
for overseeing the development, implementation, and management of comprehensive Insider Threat strategies and programs. This individual will play a critical role in identifying, assessing, mitigating, and responding to risks posed by trusted insiders—employees, contractors, or partners—who might intentionally or unintentionally cause harm to the organization.
You'll be responsible for:
Incident Detection & Analysis
Monitor and investigate alerts from SIEM, EDR, and other security platforms.
Perform triage of events and escalate based on severity and impact.
Analyze logs from various sources (network, endpoint, application, cloud) to identify suspicious activity.
Incident Response & Coordination
Respond to and contain security incidents under the guidance of senior analysts or incident leads.
Support evidence gathering and documentation during incident investigations.
Coordinate with internal IT, business units, and senior cybersecurity staff during incidents.
Threat Analysis & Hunting (Supporting Role)
Assist with basic threat hunting activities, using known indicators and behavioral patterns.
Leverage threat intelligence to contextualize incidents and alerts.
Forensics & Recovery Support
Support basic host and network forensics activities under direction from senior responders.
Preserve logs and artifacts for deeper analysis or legal needs, following chain-of-custody procedures.
Detection Tuning & Tooling
Recommend and implement improvements to alert logic, detection rules, and response playbooks.
Contribute to the development of automated responses and investigation workflows.
Collaboration & Continuous Improvement
Document and report on incidents, lessons learned, and remediation follow-ups.
Participate in tabletop exercises and post-incident reviews.
Collaborate with Tier I analysts and mentor junior staff as appropriate.
Contribute to and support the implementation of access control mechanisms that enforce least privilege and ensure that access to sensitive data is restricted to authorized individuals.
Other Security Incident Management-related duties as assigned.
You bring:
Experience
3–5 years of cybersecurity experience, with at least 1–2 years in security operations or incident response.
Experience using tools such as Splunk, CrowdStrike, SentinelOne, or QRadar.
Understanding of attack vectors (e.g., phishing, malware, lateral movement) and frameworks such as MITRE ATT&CK, Cyber Kill Chain, NIST 800-61, and threat intelligence lifecycle.
Familiarity with cloud environments (Azure, AWS) is an asset.
Experience working in or supporting a SOC environment.
Education & Certifications
Degree or diploma in Computer Science, Cybersecurity, or related field—or equivalent practical experience.
One or more of the following certifications (or actively pursuing):
GIAC GCIH, CompTIA CySA+, SC-200, or Certified Incident Responder (CCRI)
Security+, Network+, or similar foundational certifications
Skills & Competencies
Strong analytical and troubleshooting skills.
Effective communicator, able to write clear reports and escalate issues effectively.
Familiarity with NIST 800-61, Cyber Kill Chain, or similar response frameworks.
Exposure to scripting (e.g., PowerShell, Python) for investigation and automation is a plus.
Practical threat hunting experience using SIEM, EDR, NDR, and threat intelligence platforms.
Familiarity with regulatory environments relevant to Canadian financial institutions (e.g., OSFI, PIPEDA, PCI DSS, SOC 2).
Experience in insider threat frameworks (CERT, NITTF) and security best practices.
Experience / knowledge in Offensive Tactics such as network reconnaissance, software and service exploitation, backdoors, malware usage, and data exfiltration techniques.
Experience / knowledge in Defensive Tactics, including more detailed knowledge of network communication, extensive knowledge of IDS operation and mechanics, IDS signatures, and statistical detection.
Experience / knowledge in Malware Analysis; must be able to perform a higher level of malware analysis, both dynamic and static.
Experience / exposure in Host-Based Forensics, including hard drive and file system forensics, memory forensics, and incident timeline creation. Knowledge on how to preserve evidence integrity according to standard operating procedures or national standards.
Experience in Threat Intelligence, including a broad range of experience and knowledge of cyber incident response and coordination activities. Broad knowledge of the various threat actor groups targeting the financial sector and the malware and tactics they use.
Proficient in security event correlation tools.
Strong knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language (PL/SQL) and other injection attacks, race conditions, covert channels, replay, return-oriented attacks, malicious code).
Experience with cloud incident response (especially AWS and Azure).
Familiarity with access control and IAM, including implementation of least privilege principles.
Eligibility to work for Interac Corp. in Canada in a full-time capacity.
Interac requires employees to complete a background check that is completed by one of our service providers. We use this service to complete the following checks:
- Canadian criminal record check;
- Public safety verification;
- Canadian ID cross-check;
- 5-year employment verification;
- Education verification; and
- If applicable, Credit Inquiry and Social Media Check
How we work
We know that exceptional people have great ideas and are passionate about their work. Our culture encourages excellence and actively rewards contributions with:
Connection: You’re surrounded by talented people every day who are driven by their passion for a common goal.
Core Values: They define us. Living them helps us be the best at what we do.
Compensation & Benefits: Pay is driven by individual and corporate performance and we provide a multitude of benefits and perks.
Education: To ensure you are the best at what you do, we invest in you.
Please be aware of certain individuals fraudulently using Interac Corp.’s name and logo to offer fictitious employment opportunities. Interac Corp. will never ask, solicit, nor accept any monies in exchange for employment opportunities. Any such offers of employment are fraudulent and invalid, and you are strongly advised to exercise great caution and disregard such offers and invitations.
Please note that under no circumstances shall Interac Corp. be held liable or responsible for any claims, losses, damages, expenses, or other inconveniences resulting from or in any way connected to the actions of individuals performing such fraud. Further, such fraudulent communication shall not be treated as any kind of offer or representation by Interac Corp. or its subsidiaries and affiliates.