Security Analyst

About Mjolnir Security

Mjolnir Security is a Canadian MSSP and DFIR firm with deep expertise in Microsoft 365 security, endpoint detection and response, threat intelligence, and digital forensics. We operate a proprietary AI-augmented security operations platform and serve enterprise clients in banking, automotive, education, and regulated sectors. All operations are Canadian-data-resident by design.

The Role

We're hiring a Security Analyst to join our security operations and DFIR practice. You'll support threat monitoring, incident triage, log analysis, M365 security investigations, and endpoint forensics across a portfolio of enterprise clients. You'll work alongside senior DFIR and M365 specialists and be expected to grow fast — this is a hands-on role from day one.

What You'll Do

• Monitor client environments for security events, anomalies, and indicators of compromise using SIEM, EDR, and proprietary tooling
• Triage and investigate alerts, escalating confirmed incidents per established playbooks
• Conduct M365 log analysis including Unified Audit Log, Entra ID sign-in logs, and Exchange/Teams telemetry
• Support DFIR engagements: evidence acquisition, chain-of-custody documentation, timeline reconstruction, and report contribution
• Write and refine detection rules, Suricata signatures, and threat hunting queries
• Contribute to threat intelligence briefs (BLUF format): IOC enrichment, OSINT research, and context development
• Assist with client vulnerability assessments and security posture reviews
• Document findings clearly for both technical audiences and executive summaries
• Support the deployment and tuning of security controls including DLP policies, conditional access, and endpoint agents

What You Bring

• 1–3 years of experience in a SOC, MSSP, IT security, or DFIR-adjacent role
• Working knowledge of Microsoft 365 security: Defender for Endpoint/Identity/O365, Entra ID, Purview
• Familiarity with SIEM concepts and log analysis (Sumo Logic, Sentinel, or similar)
• Understanding of common attack techniques (MITRE ATT&CK), phishing chains, and ransomware tradecraft
• Exposure to network-level security: Suricata, Zeek, firewall log analysis, or packet capture
• Strong written communication — you can write a coherent incident summary under pressure
• Security certifications (SC-200, Security+, CySA+, BTL1, or equivalent) are an asset
• Hands-on experience with forensic tools (Magnet AXIOM, Velociraptor, or similar) is a strong advantage
• Python or PowerShell scripting for automation or log parsing is a plus

Why Join Us

• Work real DFIR cases and live SOC operations — not a training lab
• Exposure to a proprietary AI-augmented SOC platform and 90+ internal security tools
• Mentorship from senior DFIR and M365 specialists with 17+ years of enterprise experience
• Clear path to Senior Analyst or DFIR Specialist with hands-on case ownership
• Competitive compensation, hybrid flexibility, and the pace of a firm that builds and ships

Location requirement: Candidates must reside in the Greater Toronto Area. This hybrid role requires in-person availability at our office or client sites up to three days per week. Relocation assistance and travel reimbursement are not available for this position.