Description
Role Summary
We are seeking a Contract Security Analyst with hands-on experience across Netskope SSE, Microsoft Purview (full DLP), Microsoft Defender, and Arctic Wolf MDR. This role blends security operations, incident response, and data loss prevention engineering, supporting both daytoday alert handling and continuous improvement of detection and data protection controls.
The analyst will act as a key technical partner to internal IT teams and the Arctic Wolf SOC, helping reduce risk, improve signal quality, and ensure strong visibility and control over cloud usage and sensitive data.
Key Responsibilities
1. Security Monitoring, Investigation & Incident Response
- Monitor, triage, and investigate security alerts originating from:
- Arctic Wolf MDR
- Microsoft Defender (Endpoint, Identity, Office 365, Cloud Apps)
- Netskope SSE (SWG, CASB, ZTNA, Threat Protection, DLP)
- Perform incident response activities including:
- Alert validation, scoping, and root-cause analysis
- Endpoint, identity, cloud, and SaaS activity investigation
- Containment actions (account suspension, device isolation, session revocation, policy enforcement)
- Work closely with Arctic Wolf on:
- Case escalations and response coordination
- Validation of detections and recommended actions
- Produce clear incident documentation, including:
- Timelines, affected assets, impact assessment, and remediation steps
2. Detection Engineering & Alert Tuning (NonSIEM)
- Tune and optimize detections and policies directly within:
- Microsoft Defender portals (no Sentinel)
- Netskope security and DLP policies
- Arctic Wolf escalation criteria and response workflows
- Reduce alert fatigue by:
- Eliminating false positives
- Aligning severity with business impact
- Improving investigation context and signal fidelity
- Contribute to detection coverage for:
- Identity compromise and OAuth abuse
- Malware, ransomware, and lateral movement
- Risky SaaS usage and anomalous cloud behavior
- Data exfiltration and policy violations
3. Data Loss Prevention & Information Protection
- Administer and enhance Microsoft Purview Information Protection and DLP, including:
- Sensitivity labels and label policies
- DLP policies across Exchange, SharePoint, OneDrive, and Teams
- Alert triage and incident follow-up for DLP eventsup for DLP events
- Design, implement, and tune Netskope DLP:
- Inline and at rest controls across web and cloud appsrest controls across web and cloud apps
- Classification, fingerprinting, and structured/unstructured data detection
- Partner with business and privacy stakeholders to:
- Translate data protection requirements into enforceable controls
- Implement exception handling and user education workflows
- Balance risk reduction with business usability
- Track and report on DLP effectiveness and trends
4. Netskope SSE Platform Operations
- Support the full Netskope SSE stack, including:
- Secure Web Gateway (SWG)
- CASB (managed and unmanaged apps)
- ZTNA
- Threat Protection
- DLP
- Monitor policy health, coverage, and enforcement effectiveness
- Identify and remediate gaps in visibility, control, or logging
- Support investigations involving risky apps, shadow IT, and cloud misuse
5. Platform Hygiene, Documentation & Reporting
- Validate security tool coverage and operational health:
- Endpoint onboarding and Defender health
- Identity and SaaS integrations
- Logging completeness and alert flow
- Develop and maintain:
- Incident response playbooks
- DLP and investigation runbooks
- Operational procedures and escalation paths
- Produce actionable reporting for leadership:
- Incident trends, alert quality, DLP metrics, and risk themes
- Support knowledge transfer and operational maturity improvements
Required Skills and Experience
- 3–5+ years in a Security Analyst, SOC, or Incident Response role
- Hands-on experience with:
- Microsoft Defender (Endpoint, Identity, Office 365, Cloud Apps)
- Microsoft Purview (Information Protection and full DLP)
- Netskope (SWG, CASB, ZTNA, DLP, Threat Protection)
- Arctic Wolf MDR (case handling, escalations, collaboration)
- Strong understanding of:
- Cloud and SaaS security threats
- Identity-based attacks and phishing
- Data protection and regulatory considerations
- Incident response lifecycle and MITRE ATT&CK concepts
- Ability to clearly document findings and communicate with both technical and nontechnical stakeholders
Nice-to-Have Qualifications
- Experience with:
- Defender XDR Advanced Hunting
- Security policy design for large M365 environments
- SaaS governance and cloud risk management
- Certifications (preferred but not required):
- SC200, SC400, AZ500, Security+, or equivalent
What Success Looks Like
Within the first 60 days, the contractor is expected to:
- Reduce alert noise through documented tuning improvements
- Improve clarity and consistency of incident response processes
- Deliver measurable improvements in DLP signal quality
- Ensure full coverage and operational health across Defender, Netskope, and Purview
- Leave behind clear documentation and operational artifacts
Don’t meet every single requirement? That’s okay. We encourage you to apply anyway. We believe in investing in potential and supporting our team members as they grow into their roles. If this opportunity excites you, but your experience doesn’t align perfectly, we still want to hear from you.
Benefits
As an employee at Embark you will benefit from so many great employee perks…
🌍 Flexible Ways of Working: Design your workday around what matters most. With flexible hours, you can balance work with all the other important things in life. And, with our Remote Work Arrangement, you can work from anywhere in the world for part of the year—whether that’s a beach in Bali or your cozy cabin in Muskoka.
💪 Health & Wellbeing Support: Your wellbeing is our priority. Enjoy fitness reimbursements, paramedical coverage, and a generous health spending account. Recharge with Embark Wellness Days and wellness-focused afternoons, and access extended mental health support whenever you need it.
🚀 Career Development That Moves You Forward: Fuel your growth with funding for courses, certifications, and conferences. Explore new horizons through job rotations and secondments, and benefit from ongoing coaching and personalized development planning that keeps your career moving. At Embark, people stick around for the long-haul.
🎓 RESP Matching — Because Futures Matter: We don’t just talk about education—we invest in it. On top of RRSP matching, you’ll receive RESP matching to help your loved ones pursue their post-secondary dreams.
🎉 Fun Is Part of the Job: We take fun seriously. From themed parties and surprise treat days to team socials that actually make you want to show up, we create moments that spark joy, build connection, and make work feel like more than just work.
Recent Awards
Not All Fintechs Are Created Equal — Embark on Something Bigger
At Embark, we’re redefining what it means to be a fintech with purpose. Our mission is simple but powerful: help more Canadians achieve their education goals.
Through our innovative digital platform for RESPs, we’ve eliminated the red tape and complexity of traditional banking. Now, families can open an RESP, manage their investments, and unlock government grants—all from home, in minutes.
We don’t just talk about impact—we deliver it. Over the past 60 years, we’ve reinvested over $60 million into scholarships and supported more than 850,000 students in pursuing post-secondary education.
Joining Embark means more than building your career—it means building Canada’s future generation.
If you’re driven by purpose, inspired by innovation, and ready to make a difference, we’d love to meet you. We are continuously evolving how we work, and we want we want you to join us on our journey.
Let’s help Canadians dream bigger—and achieve more.
