São Paulo - [Hybrid] - L2 SOC Analyst

QUANTEAM (RAINBOW PARTNERS Group)
Posted 6 hours ago
Job description

As the founding entity of RAINBOW PARTNERS, Quanteam is a consulting firm specializing in Banking, Finance, and Financial Services. Guided by our core values of closeness, teamwork, diversity, and excellence, our team of 1,000 expert consultants, representing 35 different nationalities, collaborates across 10 international offices: Paris, Lyon, New York, Montreal, London, Brussels, Geneva, Lisbon, Porto, and Casablanca.

We are currently seeking a seasoned Security Analyst (L2) to support one of our clients, a leading international financial institution headquartered in Montreal.


Role Overview:

As a Senior SOC Analyst embedded within a 24x7 Security Operations Center, you will be at the forefront of identifying, analyzing, and neutralizing sophisticated cyber threats targeting critical business infrastructure. Beyond routine alert handling, this role focuses on in-depth forensic investigation, proactive threat hunting, and the continuous strengthening of the SOC’s detection and response capabilities. The analyst in this position serves as a technical anchor for the team, guiding junior colleagues and actively contributing to the organization’s overall security posture.


Key Responsibilities:

1. Threat Detection & Incident Response

* Ownership: Take the lead on high-severity and complex security events, including intrusions involving persistent adversaries, multi-stage attack chains, and advanced malicious payloads.
* Investigation: Conduct thorough technical analysis across SIEM platforms, endpoint telemetry, and network traffic data to reconstruct attack timelines and uncover root causes.
* Escalation Support: Serve as the primary escalation point for junior analysts, offering technical validation, investigative direction, and remediation guidance.
* Documentation: Ensure all incidents, findings, and response actions are precisely recorded in case management systems to support operational continuity and post-event reviews.

2. Detection Engineering & Threat Hunting

* Content Development: Design, tune, and maintain detection logic, correlation rules, and monitoring dashboards within SIEM platforms to maximize coverage and reduce alert noise.
* Proactive Hunting: Initiate hypothesis-driven threat hunt campaigns using intelligence feeds, behavioral baselines, and knowledge of adversary tactics drawn from recognized attack frameworks.
* Automation: Develop and maintain scripts and tooling (Python, Bash) to accelerate investigative workflows, automate data enrichment, and streamline repetitive SOC tasks.

3. Cross-functional Collaboration & SOC Development

* Teamwork: Partner with adjacent teams (infrastructure, cloud, identity management, incident response) during active security events and broader remediation efforts.
* Lessons Learned: Actively contribute to post-incident retrospectives, generating actionable recommendations to strengthen security controls and refine processes.
* Continuous Improvement: Support tooling upgrades, SOC maturity initiatives, and security projects to keep operational capabilities in step with an evolving threat landscape.


Required Qualifications and Skills:

* A minimum of 5 years of hands‑on experience in a SOC environment or a comparable senior cybersecurity role.
* Demonstrated expertise with SIEM platforms (e.g., Splunk, ELK), including the authoring of queries, correlation rules, and custom dashboards.
* Advanced understanding of security technologies spanning network defense (firewalls, IDS/IPS, proxies, VPN), endpoint protection (EDR/XDR), and data security solutions.
* Solid grounding in the incident response lifecycle, log analysis techniques, and packet capture (PCAP) examination.
* Comprehensive knowledge of core networking protocols and architectures (OSI model, TCP/IP, DNS, HTTP/S, SMTP).
* Thorough understanding of attacker tactics, techniques, and procedures, with practical familiarity with frameworks such as MITRE ATT&CK.
* Hands‑on experience in both Windows and Linux environments, including the ability to identify indicators of compromise and abnormal system behavior.
* Proficiency in scripting (Python, Bash) applied to investigation support and process automation.
* A proactive, adversarial mindset with a continuous drive toward improved threat detection and defense.


Working conditions:

* Candidate must be located in, or willing to relocate to, Brazil (São Paulo) or Colombia (Bogotá)
* Hybrid schedule with 3 days on‑site per week
* Participation in on‑call rotations and extended coverage hours required
* Availability for morning or daytime shifts, including weekend assignments as part of 24/7 operations

© 2026 Jobijoba - All Rights Reserved