MONTREAL [Hybrid] - Senior Security Analyst L3

MONTREAL [Hybrid] - Senior Security Analyst L3

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from QUANTEAM (RAINBOW PARTNERS Group)

About the Company:

As the founding entity of RAINBOW PARTNERS, Quanteam is a consulting firm specializing in Banking, Finance, and Financial Services. Guided by our core values of closeness, teamwork, diversity, and excellence, our team of 1,000 expert consultants, representing 35 different nationalities, collaborates across 10 international offices: Paris, Lyon, New York, Montreal, London, Brussels, Geneva, Lisbon, Porto, and Casablanca.

We are currently seeking a Senior Security Analyst (L3) to join one of our clients in the financial sector, a major international bank based in Montreal.

Role Overview:

The Level III Cybersecurity Analyst (SOC L3) is a senior member of a 24x7 Security Operations Center, responsible for advanced threat detection, in-depth incident investigation, and response to complex and high-impact security incidents targeting critical systems and infrastructure.

This role goes beyond alert handling and focuses on root cause analysis, threat hunting, detection engineering, and continuous improvement of SOC capabilities. The L3 Analyst acts as a technical reference for the SOC, providing guidance to L1/L2 analysts and contributing to the organization’s overall security posture.

Key Responsibilities

• Lead the investigation and response to complex and high-severity security incidents, including advanced persistent threats (APT), lateral movement, and sophisticated malware activity.
• Perform deep-dive analysis using SIEM platforms (e.g., Splunk, ELK) and other security tools to identify root causes and attacker behaviors.
• Act as an escalation point for L1/L2 analysts, providing technical guidance, validation of findings, and recommended remediation actions.
• Develop, optimize, and maintain SIEM use cases, detection rules, dashboards, and alerts to improve threat visibility and reduce false positives.
• Conduct threat hunting activities based on intelligence, hypotheses, and observed attacker techniques.
• Leverage scripting and automation (e.g., Python, Bash) to support investigations, data enrichment, and SOC efficiency.
• Provide expert-level analysis of logs, network traffic, endpoint activity, and forensic artifacts.
• Collaborate with internal teams (IR, Network, Infrastructure, Cloud, IAM) and external partners as required during incident response.
• Contribute to post-incident reviews, lessons learned, and recommendations to improve security controls and processes.
• Maintain a strong understanding of the organization’s technical architecture, attack surface, and evolving threat landscape.
• Support SOC projects, tooling improvements, and security initiatives.
• Ensure accurate documentation of incidents, investigations, and technical findings.
• Participate in on-call or shift rotations as required to support 24/7 operations.
• Adhere to all internal security policies, standards, and procedures.

Required Qualifications and Skills

• Minimum 5 years of experience in a Security Operations Center (SOC) or equivalent cybersecurity role.
• Strong hands‑on expertise with SIEM platforms, such as Splunk and/or ELK, including query writing, correlation rules, and dashboards.
• Advanced knowledge of security technologies, including network security (firewalls, IDS/IPS, proxies, VPNs), endpoint security solutions (EDR/XDR), and email security and data protection tools.
• Strong understanding of incident response processes, log analysis, and network traffic analysis (PCAP).
• Solid knowledge of network protocols and architectures, including the OSI model, TCP/IP, DNS, HTTP/S, and SMTP.
• In-depth understanding of attack techniques and threat actor behaviors, aligned with frameworks such as MITRE ATT&CK.
• Proven experience working with Windows and Linux environments, including the detection of compromise and abnormal behavior.
• Strong scripting skills (Python, Bash) used for automation and investigation support.
• Demonstrated security mindset, with a proactive and adversarial approach to threat detection and defense.
• Ability to analyze complex security events and clearly communicate findings to both technical and non-technical stakeholders.
• Strong analytical, problem‑solving, and decision‑making skills under pressure.
• Capability to mentor junior analysts and contribute to SOC maturity.
• Awareness of adjacent security domains (Forensics, Threat Intelligence, Vulnerability Management, Red Team).
• Ability to manage multiple investigations simultaneously in a high‑paced environment.
• Strong collaboration and communication skills.

Working conditions

• Candidate must be located or willing to relocate to Montreal.
• Hybrid: 3 days on‑site per week.
• Participating in on‑call and support hours.
• Possibility to work on the morning or day shift, participating in weekend operations.
• Fluency in English required.

Seniority level: Mid‑Senior level

Employment type: Full‑time

Job function: Consulting and Engineering

Industry: Investment Banking