17 Apr | Questrade Financial Group | Toronto
Apply on Kit Job: kitjob.ca/job/2fsldv
JSOC - Principal Cybersecurity - Incident Response

5700 Yonge St, North York, ON M2N 5M9, Canada

Job Description

Posted Tuesday, March 31, 2026 at 3:00 AM

Questrade Financial Group (QFG), through its companies - Questrade, Inc., Questrade Wealth Management Inc., Community Trust Company, Zolo, and Flexiti Financial Inc., provides securities and foreign currency investment, professionally managed investment portfolios, mortgages, real estate services, financial services and more. Questrade uses cutting-edge technologies to develop innovative products that give customers better, more affordable ways to take control of their money. We are everything a traditional financial institution is not.

At QFG, you will be constantly moving forward, bringing the future of fintech into existence. You will be a part of a collaborative team that cares deeply about our mission and each other. Your team members will help you conquer challenges, push boundaries and discover what you are truly capable of.

At QFG, we have a culture of innovation where technology serves people—both our team and our customers. We see AI as a collaborative and transformative enabler, and we are seeking forward-thinking individuals who can effectively integrate it into their daily work. The ideal candidate will be a catalyst for change, helping us use AI to create a more efficient and rewarding employee experience while also developing cutting-edge solutions that delight and serve our customers. Join us in shaping a future where AI empowers our team to do their best work and helps us deliver unparalleled customer experiences.

This is a place where you can explore, discover and learn with continuous growth. As a diverse and inclusive place to work, with a hybrid working environment you can unleash your creativity and curiosity with no limits. If you share the same sense of infinite possibility, come shape your future at QFG.

What’s in it for you as an employee of QFG?

- Health & wellbeing resources and programs
- Paid vacation, personal, and sick days for work-life balance
- Competitive compensation and benefits packages
- Work-life balance in a hybrid environment with at least 3 days in office
- Career growth and development opportunities
- Opportunities to contribute to community causes
- Work with diverse team members in an inclusive and collaborative environment

We’re looking for our next Principal SOC Specialist. Could It Be You?

Your contribution delivering sustainable and measurable results in the following areas will be very important:

Identifying and responding to cyber threats - safeguarding our company's infrastructure and data. You will be primarily involved in leading the alert development cycle, triaging and investigating alerts, managing the full incident response lifecycle (investigation, containment, eradication, and recovery) and collecting and tracking metrics for reporting.

You will be working alongside internal customers and our vendor support teams to ensure we are utilizing our security tools in accordance with corporate policies and growing business needs. You will work closely with Cybersecurity and IT teams to align priorities and execute plans for new initiatives, as well as drive process improvements and establish documentation for new tools.

You will:

- Mentor and elevate the technical capabilities of the SOC team.
- Monitor, analyze and report possible cybersecurity attacks.
- Investigate and perform analysis of threat indicators.
- Gather Indicators of compromise and any relevant data to use with threat hunting activities.
- Leverage security tools (Elastic, CrowdStrike and more) for analysis to identify malicious activities.
- Analyze identified malicious activity to determine Tactics, Techniques and Procedures.
- Conduct research, analysis and correlate gathered data from various resources to determine the impact of the incident.
- Lead containment and eradication efforts, making critical decisions during high-severity incidents.
- Participate in on-call and hands-on scheduled shift rotations, including outside of business hours.
- Lead Security Incident Response and serve as the escalation point for complex investigations across internal teams and 3rd party providers.
- Document incident timelines, evidence, and actions taken for post-incident review.
- Lead post-incident reviews and drive continuous improvement from lessons learned.
- Define and continuously improve the SOC's incident response playbooks, runbooks, and detection strategy.
- Design and lead tabletop exercises and IR simulations.
- Coordinate and run proactive investigations and threat hunts across corporate environments and detect malicious activities.
- Maintain up-to-date understanding of security threats, countermeasures, security tools, cloud security and SaaS technologies.
- Set the standard for technical proficiency; evaluate and recommend tools, techniques, and methodologies for the team.
- Present investigation, incident response findings and strategic recommendations to senior leadership and executive stakeholders.
- Define, own, and report on SOC operational metrics (MTTD, MTTR, alert fidelity) and use data to drive strategic improvements.

So are YOU our next Principal SOC Specialist, Incident Response? You are if you…

- 8+ years of relevant experience in performing and leading Cybersecurity Incident Response and Threat Hunting activities in a complex incident management or Security Operations Center environment.
- Extensive experience designing, implementing, and optimizing detection rules and detection-as-code frameworks.
- Demonstrated expertise integrating security tools via APIs for automation, and hands-on experience implementing Security Orchestration, Automation, and Response (SOAR) workflows.
- Deep expertise leading complex, multi-vector investigations and incident response using EDR tools such as CrowdStrike Falcon and SIEM tools such as Elastic Security (KQL, ESQL, Timeline analysis).
- Advanced experience with forensic triage (disk, memory, network) and multiple operating systems (Mac, Linux, Windows).
- Proven track record of designing and maturing SOC processes, playbooks, detection strategies, SIEM correlation rules, and incident reports.
- Proven ability to lead incident management for high-severity incidents, with excellent communication under pressure.
- Deep understanding of NIST Cybersecurity Framework, MITRE ATT&CK, and ability to apply them to detection engineering and threat modeling.
- Comprehensive understanding of security products and device monitoring tools including Firewalls, IDS/IPS, Phishing and e-mail security, content filtering, DDoS, WAF, and more.
- Demonstrated experience mentoring and developing technical skills across a security team.
- Robust ability to translate technical findings into strategic recommendations for leadership.
- Experience with cloud-native security monitoring (GCP, AWS, Azure).

Brownie points if you have…

- GCIH, GCED, CCFR, HTB CDSA, GCFA, CHFI, GREM, OSCP, CISSP or similar relevant certifications.

Compensation Information:

Base salary range: $114,143 - $142,679

The final compensation package will be commensurate with the successful candidate's experience, skills, and geographic location (Canada). It includes a comprehensive benefits plan and a competitive incentive (bonus) program for Full-Time Permanent roles.

Sounds like you? Click below to apply!

At Questrade Financial Group of Companies, with multiple office locations around the world, we are committed to fostering a diverse, inclusive and accessible work environment. This is an environment where individuals are treated with dignity and respect. Here, the unique skills and experience you bring will be valued. You will be supported and motivated, so that you can harness your unlimited potential. Our team reflects the diversity of the communities we serve and operate in. Having a collaborative and diverse team helps us push boundaries to bring the future of fintech into existence—not only for the benefit of our customers, but for those who build their career with us.

Questrade Financial Group of companies' Applicant Tracking System utilizes artificial intelligence (AI) for application screening. The AI system operates on predetermined criteria, with final decisions subject to human review.

Candidates selected for an interview will be contacted directly. If you require accommodation during the recruitment/selection process, please let us know and we will work with you to meet your needs.