Security Analyst

Hybrid/London, On

45 Artisans Cres

London, ON N5V, CAN

As  continues to grow, we're investing in the future of our cybersecurity program with the addition of a newly created Security Analyst role. This is an opportunity to become a foundational member of our IT team and help shape how security evolves across a global technology organization. As our dedicated Security Analyst, you'll be responsible for protecting our systems, networks, infrastructure, and data by identifying, assessing, and mitigating security risks while helping establish the security practices that will support our continued growth.

Working closely with Infrastructure, Operations, Development, and business stakeholders, you'll investigate security incidents, manage vulnerabilities, strengthen security controls, and support compliance initiatives. You'll analyze threats across applications, systems, networks, cloud environments, and enterprise platforms while contributing to the secure configuration, hardening, and ongoing protection of the technologies that power our business. This role is ideal for someone who enjoys solving complex problems and understands that effective security starts with a strong foundation in infrastructure.

What makes this opportunity unique is the ability to influence both strategy and execution. As the organization's security-focused resource, you'll help establish security baselines, identify gaps, drive remediation efforts, and foster a security-conscious culture across the company. You'll join a collaborative team that values ownership, innovation, and practical problem-solving, where your expertise will have a direct and visible impact on strengthening 's overall security posture.

• Vulnerability Assessment & Threat Management:
  Conduct regular vulnerability scans, penetration testing across applications and infrastructure; prioritize findings by risk severity and track remediation to closure and work with the IT infrastructure & operations team to remediate the findings.
• Security Monitoring & Incident Response:
  Monitor security alerts and events using SIEM tooling; lead investigation and response to security incidents; document findings and implement measures to prevent recurrence.
• Compliance &
  
  Risk Management:
  
  Maintain and advance the organization's compliance posture against applicable frameworks (e.g., SOC 2, ISO 27001, NIST); conduct risk assessments and support internal and external audits.
• Security Architecture Alignment:
  Partner with the IT teams to ensure security requirements and controls are embedded into architectural decisions, integration patterns, and modernization initiatives from the outset.
• Security Awareness & Policy:
  Develop and maintain security policies, standards, and guidelines; deliver security awareness training and regular phishing campaigns. Act as a subject matter expert for engineering and business teams.

Technical

Skills:

• Vulnerability scanning and penetration testing tools
• SIEM platforms and log analysis (Microsoft Sentinel or equivalent)
• Cloud security controls across Azure, AWS or GCP
• Identity and access management (IAM), MFA, and privileged access controls
• Secure coding awareness and ability to review code or configurations for common vulnerabilities

Knowledge:

• Security frameworks and standards: NIST CSF, ISO 27001, SOC 2, CIS Controls
• Threat intelligence concepts and attack lifecycle
• Data privacy regulations relevant to the organization (e.g., PIPEDA, GDPR)
• Risk assessment methodologies and security risk quantification
• Solid understanding of underlying infrastructure systems (servers, hypervisors, network components, and cloud platforms) and their associated security considerations

Non-Technical

Skills:

• Strong problem-solving and analytical thinking
• Clear written and verbal communication
• Self-directed with the ability to manage multiple priorities in a fast-moving environment
• High degree of professional discretion in handling sensitive and confidential information

• Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related discipline required.
• 5+ years of experience in an information security, cybersecurity, or related IT role.
• CompTIA Security+, CISSP or CISM
• Familiarity with SOC 2, ISO 27001, NIST, CMMC Cybersecurity Framework required.
• Hands-on experience with vulnerability management, SIEM platforms, and incident response.
• Experience working within complex or legacy technical environments is a strong asset.
• Strong experience working within enterprise IT environments, including infrastructure technologies such as virtualization platforms, network systems (firewalls, wired/wireless networking), and Microsoft-based services (e.g., Active Directory, Azure).

• Limited travel may be required.
• As business needs arise, potential travel to distribution centers in Canada, U.S.A, or the U.K.
• Availability to provide occasional after-hours support or assistance with incident response may be required when operational…