Senior Security Analyst
Technology is at the heart of driving Admiral’s business.
About Admiral Tech
With a history of innovation, UK financial services leader Admiral Group continues to expand our world-class Tech department in Canada.
From Cloud through to DevOps, our technology department comprises over 600 people and is an exciting and fast-paced environment. If you’re looking for a technically challenging and rewarding role with outstanding support and opportunities for progression, you’ve come to the right place.
About Admiral Canada
One of the UK’s most recognizable insurance and financial service providers, Admiral offers insurance, loans, and various other products to over 9.1 million international customers.
In 2007, Admiral launched its Canadian office in Halifax with a small group of 20 staff. Today, we employ over 400 people throughout Nova Scotia who support our UK customers with home and motor insurance policies.
In 2022, we launched our Cyber Security team in Canada, providing wrap-around global support to our business. With the industry’s forward momentum and a vibrant, homegrown talent pool of up-and-coming professionals, we’ve quickly become a formidable tech option within Admiral Group.
About the Job – Senior Security Analyst
The Security Operations Centre (SOC) is part of Admiral’s (EUI) Security Operations function. The SOC seeks an experienced analyst to join the Admiral team in Canada. As a Senior Security Analyst, you will respond to and investigate security events in EUI’s environment and conduct proactive threat hunting as part of the established process.
The SOC team collaborates closely with other security operations functions, such as Incident Response and Threat Intelligence, as well as various technology and business units. This role will also serve as the primary contact for the EUI SOC in Canada and will drive all activities conducted by SOC members in Canada in collaboration with the larger team.
This position may require working scheduled shifts or being part of an on-call rota on weekdays and/or weekends.
Responsibilities
• Monitor and analyse security alerts and events using SIEM, SOAR, and EDR platforms.
• Suggest and implement changes and suppressions in detection rules and playbooks to enhance SOC capabilities.
• Serve as an escalation point for SOC analysts in Canada.
• Collaborate with and assist the DFIR (Digital Forensics and Incident Response) team during incident response investigations as needed.
• Conduct threat hunting using Admiral’s security systems as required.
• Prioritize hunts based on Threat Intelligence provided to the hunt team.
• Analyse Threat Actor TTPs (Tactics, Techniques, Procedures) to develop hypotheses and hunt campaigns.
• Analyse threat hunt results and carry out necessary actions.
• Generate hunt reports to share outcomes and insights with the broader team.
• Stay updated on the evolving threat landscape and collaborate with team members.
• Work effectively with all levels of seniority across IT and the wider business.
Knowledge and Experience Required
• 5+ years of experience in one or more of the following areas: security operations, incident response, digital forensics, or threat hunting.
• Experience in alert triage and investigation using SIEM (Security Information and Event Management) solutions such as Microsoft Sentinel, LogRhythm, Chronicle, Splunk, or QRadar.
• Proficient in analysing security logs and alerts from sources like Firewalls, EDR, and AV.
• Working knowledge of developing or refining detection rules on SIEM/EDR platforms, including Sentinel and Chronicle.
• Familiarity with frameworks such as the Cyber Kill Chain and MITRE ATT&CK.
Desirable Skills:
• Experience with at least one SIEM platform.
• Familiarity with SOAR (Security Orchestration, Automation & Response) and EDR platforms.
• Ability to conduct incident investigations independently, based on the Cyber Kill Chain.
• Understanding of the differences between structured and unstructured threat hunting.
• Knowledge of the MITRE ATT&CK framework and its application in threat hunting.
• Understanding of basic networking protocols (DNS, DHCP, SMB, HTTP(S)), including analysis of their logs and forensic investigation processes.
• Awareness of normal system behaviours and anomalies in both Windows and Linux environments.
• Knowledge of common attack vectors and techniques used by threat actors on these platforms.
• Ability to analyse datasets to identify patterns and anomalies.
• Familiarity with public cloud platforms such as Azure, GCP, and AWS, along with security practices on those platforms.
• Experience with data analytics and visualization tools for detecting patterns and anomalies.
• Basic Python scripting knowledge is desirable but not mandatory.
Salary, Benefits, and Work-Life Balance
We believe in offering a competitive salary and remuneration package that reflects the experience and qualifications of the successful candidate. We welcome CVs from all candidates who meet the requirements, and we are happy to discuss the details of the compensation package.
Admiral takes pride in being a diverse business that prioritises its people and customers. We offer great benefits to ensure our colleagues have an exceptional work-life balance, which is a key reason why we consistently rank as one of Canada’s and the world’s best workplaces. You will have an element of scheduling autonomy to strike an appropriate balance between personal flexibility and business needs.
All colleagues at Admiral are entitled to 34 days of paid time off annually, which includes statutory holidays. As you continue your service with us, the amount of paid time off will increase, up to a maximum of 39 days, including statutory holidays. We believe in providing ample time for rest and rejuvenation.
You can view some of our other key benefits here (https://joinadmiral.ca/employee-benefits/).
Our Commitment to You
Admiral is committed to fostering a diverse and inclusive workplace. We are proud to be an equal opportunities employer and do not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, ability, age, family status, or any other legally protected status. We believe that all qualified applicants should receive equal consideration for employment.