Security Analyst I (Mat-leave Coverage)

Our Information Security team is looking for a motivated, hands-on Security Analyst I to support the execution of day-to-day security operations while contributing to foundational security engineering initiatives. This role provides exposure across multiple security domains, including security monitoring and incident response, security tooling and controls engineering, application security testing, vulnerability management, security risk assessments, and emerging AI security practices.

As a Security Analyst I, you will partner closely with stakeholders across Cloud Operations, Engineering, IT, and business teams to strengthen our security posture through operational excellence, continuous improvement, and a risk-based approach to decision-making.

This is an exciting opportunity for a security professional who enjoys solving complex challenges, driving meaningful improvements, and making a measurable impact across the organization.

Contract Length: 1 Year (Maternity Leave Backfill)

• Coordinate the deployment, configuration, testing, monitoring, and ongoing maintenance of security technologies, including SIEM, EDR, DLP, WAF, CASB, Secure Web Gateway, URL filtering, email security, and application/vulnerability scanning platforms.
• Lead small-to-medium-sized security initiatives from requirements gathering through design, testing, pilot execution, and implementation.
• Support proof-of-concept evaluations and product assessments to ensure proposed solutions align with security strategy, standards, and industry best practices.
• Act as a service or tool owner by identifying enhancements, maintaining operational runbooks, and recommending improvements for tools under your responsibility.
• Develop and maintain procedures, workflows, architecture diagrams, and operational playbooks that support security monitoring and engineering activities.

• Investigate and triage security events using technologies such as SIEM, EDR, DLP, WAF, CASB, Secure Web Gateway, and email security solutions.
• Detect, respond to, and support investigations of security incidents while documenting root-cause analysis and lessons learned.
• Follow established incident response procedures and playbooks, escalating critical findings appropriately and efficiently.
• Apply analytical and adversarial thinking to identify, protect, detect, respond to, and recover from common cyber threats and attack vectors.

• Perform and support secure baseline reviews, infrastructure scanning, endpoint scanning, application vulnerability assessments, penetration testing validation, and AI red-teaming exercises.
• Review vulnerability findings for accuracy and completeness while partnering with stakeholders to prioritize remediation efforts based on risk.
• Escalate critical vulnerabilities, zero-day threats, and high-priority risks while supporting rapid mitigation efforts.
• Contribute to continuous improvements in vulnerability management workflows through automation and the integration of security testing into CI/CD pipelines.

• Conduct security risk assessments for internal initiatives, product enhancements, vendors, and productivity tools.
• Perform STRIDE-based threat modeling for internal projects and AI-enabled solutions, producing actionable recommendations and clear risk reports.
• Apply a risk-based approach to evaluating Agentic AI technologies and AI-related security risks.
• Conduct vendor risk assessments within OneTrust and support broader third-party risk management activities.

• Identify opportunities to strengthen controls, improve processes, and enhance security outcomes across teams.
• Stay informed on emerging threats, technologies, and industry best practices, sharing relevant insights with colleagues and stakeholders.

• Bachelor's degree in Technology Management, Information Security, Computer Science, Computer Engineering, or equivalent practical experience.
• 3–5 years of experience in Information Security, Security Engineering, or Security Operations.
• At least one industry-recognized security certification (CISSP, CISA, CCSP, or equivalent).
• Experience working with public cloud platforms such as AWS, IBM Cloud, or Google Cloud Platform (GCP).
• Strong understanding of securing cloud environments, operating systems, networks, databases, and applications.
• Hands-on experience with security technologies including SIEM, WAF, DLP, EDR, and infrastructure/application vulnerability scanners.
• Knowledge of industry frameworks and standards such as NIST CSF and ISO 27001/27002.
• Familiarity with controls and compliance requirements related to SOC 1, SOC 2, PCI, and HIPAA.
• Excellent written and verbal communication skills with the ability to clearly document findings and communicate risk.
• Strong problem-solving skills, accountability, and a continuous learning mindset.
• Fluency in English.

• Experience integrating security controls and tooling into CI/CD pipelines, including alerting, scanning, ticket creation, and deployment gating.
• Experience developing security automations using Python, PowerShell, Bash, or similar scripting languages.
• Hands-on experience with OneTrust, including workflow management, evidence collection, and assessment reporting.
• Experience conducting threat modeling and risk assessments using STRIDE methodology.

• Become proficient with existing security tools, monitoring platforms, alert queues, and incident response processes.
• Contribute to investigations and triage activities with high-quality documentation and timely escalation.
• Review vulnerability scanning coverage and support improvements to data quality and prioritization.

• Lead at least one security tooling or process improvement initiative from planning through implementation.
• Improve vulnerability management outcomes through stronger triage, stakeholder collaboration, and remediation tracking.
• Deliver clear risk assessments and STRIDE-based threat models for assigned projects, including AI-enabled solutions.

• Deliver measurable improvements through automation, process maturity, and enhanced operational efficiency.
• Strengthen incident response readiness and reduce recurring security issues through root-cause-driven improvements.
• Establish yourself as a trusted security partner to Engineering, Cloud Operations, and IT teams through consistent execution and pragmatic security guidance.

The expected base salary range for this role is  C76,800.00 $ 96,000.00, and individuals may be eligible to participate in our variable compensation program.  

*Final compensation may vary based on experience, skills, designations, and market conditions.

This posting is for an existing vacancy.

This hiring process utilizes artificial intelligence tools to assist in candidate screening and assessment. Our AI tools are designed to complement, not replace, human decision-making.