L3 SOC Analyst / Incident Responder

Company Description

Act Digital is a technology consulting and expertise firm founded in 2006. Our mission is to support our clients with their technical and organizational cybersecurity challenges. Our offering is structured around the following areas of expertise:

• Security Management
• Architecture and Integration
• Audit and Penetration Testing
• Cyber Defense
  
  

We Are An International Group With 6,500 Employees And Operations In 12 Countries. Our Success Depends On The Development And Fulfillment Of Each Employee, And We Place Great Importance On Providing The Best Possible Working Conditions

• Remote working is available for a large part of our assignments
• A Flex Office work environment available to everyone at all times to foster communication and collaboration
• Communities of experts to share and disseminate skills within the group
• Project management and local HR support
• Training and certification offered annually
• Promotion of our consultants' expertise
• Strong openness to occasional or long-term international mobility
• Intrapreneurship opportunities
  
  

act digital Canada is one of our newest subsidiaries, created in 2023. We have our offices located in downtown Montreal, directly connected to the city's metro network.

Job Description

We are looking for an experienced L3 SOC Analyst / Incident Responder to join our cybersecurity team. In this role, you will be responsible for leading advanced threat detection, incident response activities, and driving the continuous improvement of our security operations. You will be a key player in protecting our clients digital assets from sophisticated cyber threats.

Key Responsibilities

• Advanced Threat Detection: Monitor and analyze security events from various sources, including SIEM, EDR, NDR, firewalls, and other protection systems. Identify and respond to advanced persistent threats (APTs) and complex security incidents.
• Incident Response: Lead incident response efforts, including investigation, containment, eradication, and recovery. Coordinate with other teams to manage and mitigate security incidents, ensuring minimal impact on business operations.
• Forensics and Analysis: Perform in-depth forensic analysis on compromised systems, including malware analysis, network traffic analysis, and log analysis. Document findings and provide detailed incident reports.
• Threat Hunting: Proactively hunt for hidden threats in the network, using threat intelligence, behavioral analysis, and anomaly detection techniques. Identify and mitigate potential security risks before they escalate.
• Security Improvements: Collaborate with the SOC team to continuously improve detection capabilities, including tuning and optimizing SIEM rules, developing custom scripts, and integrating new tools and technologies.
• Training and Mentorship: Provide guidance and mentorship to junior SOC analysts (L1/L2), sharing knowledge and best practices for incident response and threat detection.
• Post-Incident Reporting: Prepare detailed post-incident reports that include root cause analysis, impact assessments, and recommendations for future prevention measures. Communicate findings to senior management and relevant stakeholders.
• Incident Playbooks: Develop and maintain incident response playbooks, ensuring they are up-to-date and aligned with the latest threat landscape and industry best practices.
• Collaboration: Work closely with other IT and security teams, including vulnerability management, IT operations, and network security, to strengthen the organization’s overall security posture.
  
  

Qualifications

• Experience:
• 5+ years of experience in a SOC environment, with a focus on incident response and advanced threat detection.
• Proven track record of handling complex security incidents and conducting forensic investigations.
• Technical Skills:
• Expertise in SIEM platforms (e.g., Splunk, QRadar), IDS/IPS, firewalls, and endpoint detection and response (EDR) tools.
• Proficiency in scripting languages (e.g., Python, PowerShell) for automation and custom detection use cases.
• Strong understanding of network protocols, malware analysis, and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST).
• Experience with threat hunting techniques and tools, as well as familiarity with threat intelligence platforms.
• Soft Skills:
• Excellent problem-solving skills and the ability to work under pressure during high-stress incidents.
• Strong communication skills, capable of explaining technical issues to both technical and non-technical stakeholders.
• A proactive mindset with a passion for staying current with the latest cybersecurity trends and threats.
  

Education

• Bachelor’s degree in Computer Science, Information Security, or a related field is preferred.