Security Analyst, Tier 2 – Protection Services

About the Role

The Security Analyst, Tier 2 – Protection Services plays a critical role in strengthening the security posture of our clients through advanced investigations, security awareness initiatives, and proactive threat protection. This role is responsible for conducting deep-dive endpoint investigations, enhancing client security awareness programs, tuning alerts and playbooks, and supporting incident response activities.

About Us

We are proud to be recognized as a top employer for multiple years in a row, we currently hold the distinctions of Canada's Top Small and Medium Employers 2025, Greater Toronto's Top Employers 2025 and are Certified Great Place to Work

ISA Cybersecurity is a proudly Canadian cyber and AI services and solutions provider. Trusted by over 500 clients from SMB to global enterprise, we empower organizations to safeguard their most critical assets and adopt AI securely. Through our highly customizable Cyber 360 and AI 360 offerings, we deliver a comprehensive range of governance, assurance, engineering protection, detection, and response services for the public and private sectors. Backed by over three decades of operational experience and a vast network of highly specialized and certified experts, we leverage cutting-edge technologies and AI to ensure that clients achieve their privacy, security, and business goals.

We operate in a remote-first environment. Office presence is typically less than 20% of the time, varying by role and work requirements. Our office space, located at Bloor and Islington, is a collaborative space designed for in-person meetings and drop-ins. We enjoy hosting in-person quarterly town halls and social events throughout the year to encourage teambuilding and collaboration.

Responsibilities

• Conduct in-depth investigations of endpoint protection alerts and events using tools such as SentinelOne, CrowdStrike, and Microsoft Defender.
• Participate in an on-call rotation to support incident response outside of standard business hours, as required.
• Fully investigate and document security breaches, providing clear and comprehensive incident reports to stakeholders.
• Provide ongoing status updates to leadership throughout the incident life cycle to ensure appropriate resources are engaged.
• Create, tune, and optimize rules and playbooks to reduce false positives and alert fatigue.
• Provide clearly documented procedures that support timely ticket resolution and adherence to SLAs.
• Assist in developing and refining SOC processes and procedures to improve investigation quality, response time, and operational efficiency.
• Maintain a full understanding of Tier 1 responsibilities to support effective knowledge sharing and playbook development.
• Develop and maintain monthly and quarterly security reports in accordance with client requirements.
• Provide analysis, insights, and recommendations in areas of concern identified through investigations and reporting.
• Enhance client security awareness through platforms such as KnowBe4 and Proofpoint.
• Plan and execute simulated phishing, vishing, and smishing campaigns to help clients identify high-risk users and improve training effectiveness.
• Provide clients with monthly security awareness reports and post-campaign summaries detailing user performance, phish-prone percentages, and risk scores.
• Assist clients with security product implementation, onboarding, and support, ensuring tools are configured to enhance visibility and detection.
• Ensure leadership and stakeholders are kept informed of potential risks and impacts introduced by new incidents.

Qualifications

• 2+ Years of information security related experience, in areas such as: security operations, incident analysis, incident handling, and security awareness.
• Experience with malware analysis, and the main point of contact for responding to security incidents relevant to major breaches.
• Experience following security domains: EDR, device control, rogue detection, desktop firewall, application vulnerability management.
• Collaborate with peers, service leads, vendor support in introducing, testing, and integrating security products.
• Act as Tier 2 escalation for investigations & analysis.
• Strong knowledge of Security Awareness program design, development, implementation, and support.
• Strong understanding of information security concepts (Confidentiality, Integrity, Availability)
• Excellent communication and interpersonal skills
• Excellent analytical thinking and problem-solving skills.
• Understand of Learning Management System (LMS) (if solution is hosted in-house)
• Recommended industry certification (CISSP, CISA, CISM, CE|H, GIAC SANS Security Awareness Professional)
• Recommended vendor certification (Proofpoint, SentinelOne, Crowdstrike)

Post-Secondary Education in Cyber Security, Computer Science & Computer Engineering

Why Join Us?

At ISA Cybersecurity we lead with our "Why". Our Why is to make people feel safe. This not only applies to the result of services that we provide to our clients, but how people feel when interacting with us. Whether you're an employee of ISA or a client we want you to feel safe and supported. Each one of our team members is expected to uphold this leadership quality and embrace it through consistent demonstration of our core values of Explore, Persevere, Adapt and Uplift.

We are proud to offer a variety of employee friendly programs that enable our team to perform at their best.

Highlights of our programs and policies include:

• Flexible sick and personal days for all employees
• Generous health plan with enhanced mental health resources and programs
• Professional development opportunities and education reimbursement up to $2,000 annually for all employees
• Maternity and parental leave top-up
• Employee referral bonus of $2,000
• Competitive salaries complemented with RRSP matching and bonus programs
• Distance remote working policy
• LinkedIn Learning access for all team members

We also place great value on celebrating the contributions of all employees through the following service recognition programs:

• Service anniversary recognition and generous five-year milestone service awards
• President's Club recognizing special achievement awards: Team Member of the Year for Sales, CIOC and Cyber Services, the Rich Uhrich Founder's Award that is nominated on by all employees and four President's Awards (Risk Taker, Lost Without You, Money Maker and On the Rise)

Spot rewards providing opportunities for instant peer recognition

Information-sharing and team-building initiatives include:

• Annual kick-off meeting to communicate our strategic priorities
• Quarterly town hall meetings
• Regular team get togethers and client events

Scheduled employee feedback surveys and goal setting focus groups

Thank you for your interest in joining ISA Cybersecurity. Our team looks forward to reviewing your application. We will be reaching out to you directly if your experience matches our needs.

Posting Status: This posting is for an existing vacancy.

AI Use Disclosure: ISA Cybersecurity does not currently use artificial intelligence tools as part of our recruitment process.

Accessibility:

ISA Cybersecurity is committed to providing accommodations for applicants with disabilities. If you require specific accommodation because of a disability or medical need, please inform ISAs Human Resources team (-) so arrangements can be made for appropriate accommodation to be in place during the recruitment process.