Analyst Cybersecurity (Automation)
Job Summary
The position holder contributes directly to the deployment and evolution of the organization’s cybersecurity capabilities by developing, optimizing, and automating detection and response mechanisms within SIEM and SOAR platforms. They work closely with IT infrastructure teams and security analysts to improve operational efficiency and the quality of alerts handled by the security operations center (SOC). This role requires strong expertise in event correlation, data normalization, and security process automation. The specialist is responsible for designing, tuning, and maintaining detection rules, log source integrations, and automated workflows aimed at reducing manual work, accelerating incident response, and improving visibility across all enterprise environments, including stores, warehouses, the distribution center, and head office.
Key Accountabilities
- Contribute to the evolution of detection and automation capabilities by developing, refining, and maintaining rules, correlations, and automations within SIEM and SOAR platforms.
- Integrate and normalize new log sources, ensuring data quality, consistency, and availability for detection purposes.
- Optimize SIEM performance by managing configuration, connectors, data pipelines, and the relevance of generated alerts.
- Collaborate with SOC analysts to improve alert fidelity, reduce false positives, and support security event analysis.
- Monitor trends, identify visibility gaps, and recommend improvements to detection and automation mechanisms.
- Perform ongoing threat intelligence and research on attack tactics and techniques (e.g., MITRE ATT&CK) to enrich detection use cases and anticipate emerging threats.
- Document detection rules, integrations, automations, and technical processes, and contribute to establishing standards and best practices for log management and security monitoring.
- Participate in the evaluation of new IT tools or systems to define required logging and security controls for SIEM integration.
- Administer SIEM/SOAR platforms, including installation, configuration, upgrades, and management of modules and integrations.
Monitoring, Detection, and Response (as needed)
- Perform network monitoring and intrusion analysis using security defense tools (IDS/IPS, firewalls, EDR, email security).
- Correlate activity across assets (endpoints, network, applications), environments (on‑premises and cloud), and identities to identify anomalous patterns.
- Review alerts and sensor data, and produce formal technical incident reports.
- Participate in incident triage, containment, and investigation workflows.
- Lead investigations for major security incidents.
- Provide Level II support and ensure full resolution of incidents.
- Research emerging threats and vulnerabilities and actively participate in security communities.
Job Requirements
- DEC or Bachelor’s in Computer Science, Cybersecurity, or a related field.
- Minimum of seven (7) years of experience in information technology, including significant experience in detection engineering, SIEM administration, or SOAR automation.
- Excellent command of Splunk Enterprise, including SPL query design, correlation rules, dashboards, and data models.
- Hands‑on experience with Splunk SOAR, including development, optimization, and deployment of automated playbooks.
- Strong knowledge of Microsoft ecosystems, including Windows Server, Windows 10+, Azure AD/Entra ID, and Microsoft 365.
- General knowledge of Linux (RHEL or equivalent), particularly for log ingestion and analysis.
- Solid understanding of Active Directory and related security concepts (GPOs, ACLs, Kerberos, hardening, authentication).
- Good knowledge of security tools such as EDR, firewalls, IDS/IPS, anti‑spam solutions, proxies, and cloud security services.
- Ability to analyze and interpret logs from diverse systems (Windows, Linux, Unix, cloud, applications, and network devices).
- Knowledge of threat hunting, MITRE ATT&CK, incident response, and behavioral analysis concepts as applied to detection engineering.
- Knowledge of cloud environments (Azure, GCP) and their logging models — a strong asset.
- Excellent technical problem‑solving, diagnostic, and optimization skills.
- Ability to work independently while collaborating effectively with IT and security teams.
- Strong sense of accountability, attention to detail, and service‑oriented mindset.
- Security or Splunk certifications (e.g., Splunk Core Certified Power User, Splunk Enterprise Security Admin, CISSP) – an asset.
- Bilingual in French and English, both spoken and written.
We thank all interested applicants. Only those selected for an interview will be contacted by our recruitment team.