Work With ORION

Senior Security Analyst


As pioneers of cybersecurity thought leadership in Canada’s research and education sector, ORION is committed to keeping our digital community safe by helping improve their cybersecurity posture. The successful candidate will have the opportunity to work collaboratively with cybersecurity experts across Ontario, Canada, and around the world.

ORION is a not-for-profit organization dedicated to empowering Ontario researchers, educators and innovators. We foster a community of more than two million users at more than a hundred universities, colleges, hospitals and research institutions, as well as many of Ontario’s school boards. We enable ground-breaking discoveries and cutting-edge education by connecting institutions and regions through our network, facilitating collaboration, and providing our community with the digital tools and expert support they need to make the world a better place.

As a member of the ORION security team, the Senior Security Analyst is responsible for the operational cybersecurity aspects of ORION’s province-wide network so that it can be effectively utilized by researchers, educators, and other innovators for research and education purposes.

The Senior Security Analyst is required to understand network protocols and systems behaviours. This position will be responsible for the design, implementation, and operation of a proposed security operations centre (SOC). The centre will provide a first point of contact for security operations, especially in developing and handling managed security services such as security information and event management (SIEM), distributed denial of service (DDoS) software, and firewalls.

Responsibilities and Duties

  • Provide functional design, implementation, and oversight of the security operations capability in support of ORION’s policies and practices
  • Provide oversight on the delivery of all enterprise operational security services, including the collection of cyber-threat intelligence, security vulnerability management, perpetual scanning (VA), logging and monitoring, SIEM, event correlation, DDoS detection and mitigation, operational metrics and reporting, as well as specialized security needs and services pertaining to the ORION network
  • Spearhead the cybersecurity operations capabilities and activities which will include security architecture, design and requirements, operationalization, maintenance, governance, and risk management
  • Develop and track management- and board-level security metrics for cybersecurity operations under the direction of the CISO and Chief Technology Officer, with the aim of strengthening the security posture of ORION
  • Develop and deploy security monitoring use cases
  • Interact effectively and persuasively with key stakeholders, both internally and externally
  • Analyze cybersecurity events and incidents to determine the root cause and apply the appropriate mitigation measures as outlined by the organization’s incident response plan
  • Triage and analyze security events in order to prioritize and escalate alerts that exceed the SIEM threshold

Skills and Competencies

  • Good communication and organization skills
  • 3 to 5 years of SIEM experience
  • Windows, Unix and Linux operating systems
  • TCP/IP, computer networking, routing and switching, firewalls, VPN
  • Good knowledge of IT security frameworks (NIST, ISF, ISO 27001, etc.)
  • Forensics investigation and analysis of security incidents (how and why a security breach or a compromised system occurred)
  • Good working knowledge of:
    • Enterprise platforms:
      • Server platforms (Unix/Linux, Windows etc.)
      • Virtualized infrastructure (VMware)
      • Performance monitoring
    • Networking and security (TCP, SSL, authentication, Linux PAM, OpenSSL, Apache, RPM)
  • Direct prior experience with enterprise security technologies
  • Prior experience as a SOC Engineer or Analyst or Systems Administrator

Desired Certifications and Education

  • Bachelor’s degree or diploma in computer science or related fields
  • Certified Information Systems Security Professional (CISSP)
  • Certified Ethical Hacker (CEH)
  • Other relevant certifications (CISA, CISM, ISO 27001 Lead Auditor, SABSA, or similar) are an asset
  • Knowledge of ITIL, NIST, and ISO best practices and process improvement
  • A combination of studies, certifications, and relevant experience would also be considered

Industry Specific Requirements

  • 3 to 5 years of relevant experience in an operational IT security environment such as SOC or CSIRT
  • Good understanding of SIEM technology from architecture and engineering perspectives
  • Good understanding of cybersecurity monitoring
  • In-depth knowledge of security event management, network monitoring, log collection and correlation


Please apply to