Incident Response Analyst

Location: Vaughan, ON (GTA) – Onsite

Employment Type: Full-time | Permanent

Cyberwall is a cybersecurity services provider delivering advanced threat detection, digital forensics, and incident response services to organizations in Canada and the USA.
We are expanding our Incident Response practice and are seeking an Incident Response Analyst to lead client-facing engagements and manage complex security incidents.

This role is suited for an experienced cybersecurity professional who has handled real-world breaches end-to-end and can confidently guide both executive and technical stakeholders through high-impact incidents.
If you DON'T have Incident Response experience -> DON'T APPLY

Role Overview

As an Incident Response Analyst, you will act as a primary responder during active security incidents. You will lead investigations, coordinate containment efforts, provide strategic remediation guidance, and deliver detailed executive-level reporting. This role requires strong technical depth combined with clear communication and leadership skills.

Key Responsibilities

  • Lead and manage incident response engagements across client environments
  • Serve as a primary technical lead during security incidents
  • Conduct advanced host, network, and cloud-based forensic investigations
  • Analyze EDR/XDR telemetry, SIEM alerts, firewall logs, and threat intelligence
  • Develop and oversee containment, eradication, and recovery strategies
  • Deliver detailed root cause analysis and post-incident reports
  • Provide executive briefings and remediation roadmaps
  • Perform proactive threat hunting and compromise assessments
  • Support incident response readiness reviews and tabletop exercises
  • Contribute to the development and refinement of internal IR playbooks and methodologies

Technical Expertise

  • Strong hands-on experience with EDR/XDR platforms (SentinelOne or equivalent)
  • Advanced experience with SIEM platforms and log correlation
  • Experience investigating ransomware, business email compromise (BEC), insider threats, and advanced persistent threats
  • Deep understanding of MITRE ATT&CK and attacker TTPs
  • Familiarity with forensic methodologies and evidence handling best practices
  • Proficiency in investigating Windows and Linux systems
  • Strong knowledge of TCP/IP, DNS, VPNs, firewalls, and IPS technologies
  • Experience analyzing logs in JSON, Syslog, and CEF formats
  • Scripting capability (PowerShell, Python, or similar) preferred

Qualifications

  • 3+ years of experience in Incident Response, Digital Forensics, or advanced SOC roles
  • Experience in MSSP, consulting, or enterprise security environments
  • Demonstrated ability to independently lead investigations
  • Strong written and verbal communication skills, including executive reporting
  • Knowledge of security frameworks such as NIST, ISO 27001, and CIS Controls

Certifications are considered an asset:
GCIA, GCIH, GCFA, CISSP, CEH, or equivalent.

What We’re Looking For

  • Strong investigative mindset and analytical depth
  • Ability to remain composed and decisive during high-severity incidents
  • Client-facing professionalism and advisory capability
  • Ability to translate technical findings into business risk and impact
  • Commitment to ongoing threat research and professional development

Location Requirement

  • GTA candidates only
  • Onsite role in Vaughan, ON
  • No relocation or work permit will be provided

If you are an experienced incident responder ready to lead complex investigations and play a key role in strengthening client security posture, we encourage you to apply.

Apply by sending your resume to:
info@cyberwalldefense.com
