Security Incident Management, Lead
Interac
At Interac, we design and deliver products and solutions that give Canadians control over their money so they can get more out of life. But that’s not all. Whether we’re leading real-time money movement, driving innovative commerce solutions like open payments for transit systems, or making advancements in new areas like verification and open banking, we are playing a key role in shaping the future of the digital economy in Canada.
Want to make a lasting impact amongst a community of creative thinkers, problem solvers, technical gurus, and high-performance application developers? We want to hear from you.
The Security Incident Management, Lead will provide expert-level analysis, incident response, and strategic guidance within the Security Incident Management Team. This individual will play a critical role in handling the most complex and sophisticated security incidents, bringing extensive experience and expertise to the SOC: handling the most sophisticated threats, shaping strategic cybersecurity initiatives, and providing leadership within the cybersecurity team.
The Lead will also be responsible for overseeing the development, implementation, and management of comprehensive Insider Threat strategies and programs, and will play a critical role in identifying, assessing, mitigating, and responding to risks posed by trusted insiders (employees, contractors, or partners) who might intentionally or unintentionally cause harm to the organization.
You'll be responsible for:
- Advanced Incident Analysis and Investigation:
Conduct highly specialized analysis and investigations into complex security incidents.
Lead investigations into advanced persistent threats (APTs) and sophisticated attack vectors.
Provide detailed insights into the tactics, techniques, and procedures (TTPs) of advanced threat actors.
- Strategic Incident Response Planning:
Develop and lead the implementation of strategic incident response plans.
Design and implement incident response strategies that align with organizational goals.
Provide strategic guidance on incident response best practices.
- Advanced Forensic Analysis and Digital Forensics:
Conduct advanced forensic analysis and digital forensics to gather detailed evidence for legal and investigative purposes.
Utilize advanced forensic tools and techniques to analyze and document sophisticated attacks.
Support legal teams with detailed forensic evidence for potential legal actions.
- Threat Hunting and Proactive Defense:
Lead threat hunting initiatives to proactively identify and mitigate potential threats.
Design and execute advanced threat hunting campaigns to detect hidden or latent threats.
Identify and proactively hunt for advanced threats within the organization's network and systems.
Work with the Threat Intelligence team to stay ahead of emerging threats and adapt security strategies accordingly.
- Collaboration with Cybersecurity Leadership:
Collaborate with cybersecurity leadership to shape and implement the overall cybersecurity strategy.
Provide expert insights to inform strategic decision-making.
Contribute to the development and enhancement of cybersecurity policies and procedures.
Contribute to and support the implementation of access control mechanisms that enforce least privilege and ensure that access to sensitive data is restricted to authorized individuals.
Fine-tune detection rules and enhance security monitoring.
Other Security Incident Management related duties as assigned.
You bring:
Bachelor's degree in Information Security, Computer Science, or a related field.
8-12 years of Cybersecurity experience, with at least 5 years specifically in incident response and threat analysis.
- Relevant certifications and training, including:
GIAC Certified Incident Handler (GCIH),
GIAC Certified Forensic Analyst (GCFA) or GIAC Advanced Incident Response and Threat Hunting (GCIRT),
GIAC Cyber Threat Intelligence (GCTI),
Certified Information Systems Security Professional (CISSP),
Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP),
SANS training such as SEC560, SEC504, FOR508, or FOR572.
Direct experience handling advanced persistent threats (APTs) and nation-state-level attack vectors.
Demonstrated leadership in incident response coordination, including executive-level communication during crises.
Practical threat hunting experience using SIEM, EDR, NDR, and threat intelligence platforms.
Familiarity with regulatory environments relevant to Canadian financial institutions (e.g., OSFI, PIPEDA, PCI DSS, SOC 2).
Strong expertise in insider threat frameworks (CERT, NITTF) and security best practices.
Strong expertise in offensive tactics such as network reconnaissance, software and service exploitation, backdoors, malware usage, and data exfiltration techniques.
Strong expertise in defensive tactics, including detailed knowledge of network communication, IDS operation and mechanics, IDS signatures, and statistical detection.
Strong programming experience, including development of custom detection and analysis solutions, and a strong understanding of the Linux/Bash environment.
Strong expertise in malware analysis, including advanced static and dynamic analysis.
Strong experience in host-based forensics, including hard drive and file system forensics, memory forensics, and incident timeline creation, and knowledge of how to preserve evidence integrity in accordance with standard operating procedures or national standards.
Strong experience in threat intelligence, including a broad range of cyber incident response and coordination activities, and broad knowledge of the threat actor groups targeting the financial sector and the malware and tactics they use.
Proficient in security event correlation tools.
Strong knowledge of system and application security threats and vulnerabilities (e.g., buffer overflows, mobile code, cross-site scripting, SQL and PL/SQL injection, race conditions, covert channels, replay attacks, return-oriented programming, malicious code).
Expert with tools like Splunk, QRadar, CrowdStrike, Carbon Black, Mandiant, Volatility, FTK, Wireshark, etc.
Proficient in scripting or automation (e.g., Python, PowerShell, Bash) for log analysis and tooling enhancements.
Strong grasp of MITRE ATT&CK, the Cyber Kill Chain, NIST SP 800-61, and the threat intelligence lifecycle.
Experience with cloud incident response (especially AWS and Azure).
Familiarity with access control and IAM, including implementation of least privilege principles.
Working experience with cybersecurity frameworks and industry standards: ISO 27001/27002, PCI DSS, CIS, and the NIST 800 series.
Relevant certifications such as CISSP or GIAC GCTI are preferred.
Eligibility to work for Interac Corp. in Canada in a full-time capacity.
Interac requires employees to complete a background check that is completed by one of our service providers. We use this service to complete the following checks:
- Canadian criminal record check;
- Public safety verification;
- Canadian ID cross-check;
- 5-year employment verification;
- Education verification; and
- If applicable, Credit Inquiry and Social Media Check
How we work
We know that exceptional people have great ideas and are passionate about their work. Our culture encourages excellence and actively rewards contributions with:
Connection: You're surrounded by talented people every day who are driven by their passion for a common goal.
Core Values: They define us. Living them helps us be the best at what we do.
Compensation & Benefits: Pay is driven by individual and corporate performance and we provide a multitude of benefits and perks.
Education: To ensure you are the best at what you do, we invest in you.
Please be aware of certain individuals fraudulently using Interac Corp.’s name and logo to offer fictitious employment opportunities. Interac Corp. will never ask, solicit, nor accept any monies in exchange for employment opportunities. Any such offers of employment are fraudulent and invalid, and you are strongly advised to exercise great caution and disregard such offers and invitations.
Please note that under no circumstances shall Interac Corp. be held liable or responsible for any claims, losses, damages, expenses, or other inconveniences resulting from or in any way connected to the actions of individuals performing such fraud. Further, such fraudulent communication shall not be treated as any kind of offer or representation by Interac Corp. or its subsidiaries and affiliates.