L2 SOC Analyst
Listed on 2026-07-18
-
IT/Tech
Cybersecurity, Network Security, Security Management & Operations, Information Security
Location: Toronto, Ontario (In-Office) (King & Spadina)
Work Schedule: Monday – Friday, some shift work and on call required
Salary Range: $100,000 - $125,000 CAD per year
AI Disclosure: We do not use artificial intelligence to screen, assess, or select applicants for this position.
Vacancy Status: This posting is for an existing vacancy at our Toronto office.
BrightIT is a high-velocity tech hub focused on delivering world-class digital solutions for the iGaming sector. We bridge the gap between creative startup culture and industrial-scale execution.
Mission: Empowering brands through bold, responsible technology.
Vision: Creating a home for the brightest minds in tech to redefine the gaming landscape.
The SOC L2 Analyst plays a critical role in our Information Security department. Your primary mission is to monitor and analyze security events to detect, investigate, and respond to potential threats. As an L2 specialist, you will act as a bridge between high-volume monitoring and deep-dive incident response, ensuring our infrastructure remains resilient against evolving threat vectors.
Key Responsibilities Monitoring & Advanced AnalysisContinuously monitor security alerts and events from a variety of sources, including SIEM, IDS/IPS, firewalls, and endpoint security tools.
- Monitor, validate, and analyze security events across AWS Cloud infrastructure
, SaaS platforms, and on-premise systems. - Perform deep-dive investigations using diverse log sources to identify sophisticated security incidents and anomalous activity.
- Participate in the full lifecycle of incident response: containment, eradication, recovery, and post-mortem reporting.
- Act as the primary escalation point for the L1 team
, providing guidance and technical expertise on complex alerts. - On-Call Function: Be available for critical incident escalations and “fire drill” scenarios as part of the extended SOC response capability to ensure 24/7 coverage for high-priority threats.
- Triage security alerts: assess severity and potential impact to determine the appropriate handling or escalation path.
- Develop and refine SIEM rules and detection logic based on the MITRE ATT&CK framework and emerging threat intelligence.
- Identify vulnerabilities and security gaps in the environment; contribute to remediation through enhanced alerting or control improvements.
- Support the threat intelligence function by filtering actionable insights to guide operational decision-making.
- Ensure timely documentation of all security events and incidents in Jira
, adhering strictly to SLAs and SOC policies. - Actively contribute to developing, validating, and optimizing detection use cases to minimize false positives and improve overall response efficiency.
- 2+ years of experience in security operations, incident response, or threat monitoring.
- Technical Proficiency: Hands‑on experience with SIEM platforms (e.g.,
Elastic Security, Splunk, Sentinel, QRadar, ELK) and log correlation. - Infrastructure Knowledge: Familiarity with IDS/IPS, EDR, firewalls, and email/web gateways. Familiarity with network and endpoint security technologies, with specific experience managing/monitoring Palo Alto Next-Generation Firewalls and Cortex XDR (EDR).
- Cloud Security: Experience securing cloud platforms (specifically AWS
) and their native security services. - Protocol Expertise: Strong understanding of web protocols and common application-layer attacks.
- Analytical Mindset: Ability to research and investigate security events independently with high attention to detail.
- Methodologies: Solid understanding of cybersecurity principles,
MITRE ATT&CK, Cyber Kill Chain
, and threat hunting. - Communication: Clear verbal and written communication for documenting incidents and collaborating with the SOC Lead.
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
- Familiarity with regulatory frameworks:
ISO 27001, PCI DSS, or GDPR
. - Relevant certifications (e.g., CySA+, GCIH, or cloud-specific security certs).
We believe that our people are our greatest asset, and we are committed to…
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search: