Talent.com
WomenTech Network
Senior Incident Responder - CybersecurityWomenTech Network • Vancouver
Senior Incident Responder - Cybersecurity

Senior Incident Responder - Cybersecurity

WomenTech Network • Vancouver
4 days ago
Job type
  • Full-time
Job description

As a Senior Incident Responder, you will join Sage’s Global Cyber Defence Operations team and take direct ownership of high‑severity security incidents impacting Sage’s systems, data, and customers.



This role is requires experienced incident responders who have already operated beyond SOC or alert triage and have senior experience operating in live, high-pressure security incidents leading complex investigations in real time, where information is incomplete and decisions must be made quickly and containment must be managed across multiple technical teams.



You will own escalated incidents end‑to‑end - from initial scoping of escalation through investigation, containment strategy, remediation coordination, and root‑cause analysis - across Sage’s primarily cloud‑based environment. These incidents span cloud, identity, application, and endpoint telemetry, often requiring you to work across multiple systems and teams to reach resolution.



In addition to incident response, you will contribute to threat hunting, detection improvement, and evolving how Sage detects and responds to attacks at scale.



Location & Hybrid Requirement:

3 days per week from our Vancouver or Toronto office (see working hours below)



Required Work Schedule:

• Monday–Friday, 8:00am–4:00pm PST or 11:00am–7:00pm EST

• Occasional adjusted hours, 6:00am–2:00pm PST, to support UK colleagues during planned PTO

• Participation in a shared on-call rotation, approximately one weekend per month



Minimum Qualifications

• 5+ years of hands-on experience in cybersecurity incident response, including direct involvement in high-severity incident response preferably within a CIRT, CSIRT, MDR, DFIR, cyber defence, or mature security operations environment

• Proven experience acting as the primary owner of escalated, high-severity security incidents after SOC triage, with accountability for investigation, containment strategy, remediation coordination, root-cause determination, and post-incident review

• Experience operating during live security incidents where information is incomplete, requiring investigative direction and containment decisions based on evolving evidence

• Strong proficiency using SIEM and EDR platforms to investigate large volumes of security telemetry

• Hands-on experience investigating security incidents in cloud environments (Azure and/or AWS), including identity compromise, control plane activity, and misuse of cloud services

• Experience investigating incidents across multiple telemetry sources ( SIEM, EDR, cloud-native logs, identity systems, application and service logs) and adapting to unfamiliar data structures and log formats

• Experience conducting forensic investigations to determine root cause and reconstruct attacker activity

• Experience performing threat hunting and developing or tuning detection logic

• Working knowledge of cyber threat intelligence, including attacker tactics, techniques, and procedures (TTPs), and applying intelligence to investigations

• Experience working cross-functionally with Engineering, IT, Cloud Operations, Legal, and Security teams to drive incident containment and remediation

• Ability to work 8:00am to 4:00pm PST hours Monday through Friday and participate in an on-call rotation (1 weekend per month) and operate effectively during time-sensitive incidents







Who is Sage and Why Join?

Sage helps small to medium-sized businesses to succeed with AI-powered Accounting, Finance and ERP software. Knowing that over 6 million of our global customers depend on our solutions, motivates us to keep innovating so they keep growing. Sage Copilot is a prime example.



• Own complex, high‑severity incidents end‑to‑end in a global SaaS environment, not just escalate or advise

• Work across cloud, identity, and application layers with real business impact, not high‑volume alert triage

• Influence how detection and response evolve over time, not just close tickets

• Join a stable, product‑focused environment with fewer context switches and deeper system ownership
Key Responsibilities

• Lead escalated, high-severity incident investigations from scoping through containment, remediation, recovery, and root-cause analysis

• Determine incident scope and impact across identities, systems, services, cloud environments, applications, and affected assets

• Analyze cloud-native telemetry, SIEM, EDR, NDR, identity logs, application/service logs, and endpoint data where relevant

• Conduct forensic analysis to reconstruct attacker activity and understand how the incident occurred

• Coordinate containment and remediation with Product Engineering, IT, Cloud Operations, Legal, and other cybersecurity teams

• Communicate clear incident findings, risks, actions, and status updates to technical and non-technical stakeholders

• Perform proactive and hypothesis-driven threat hunting across cloud, identity, endpoint, server, and application environments

• Apply threat intelligence to prioritize investigations and improve detection coverage

• Tune detections and improve investigation workflows, incident response playbooks, and response procedures

• Lead cyber defence workstreams within larger security initiatives



Benefits? We have plenty...

• 100% paid premiums for health, dental, and vision coverage

• RRSP contribution match (100% up to 4%)

• 35 days paid time off (11 holidays, 16 vacation days, 3 personal days, 5 sick days)

• Work Away, an opportunity to work & play for 10 weeks in a country of your choice (from a Sage-approved list)

• 18 weeks of paid parental leave for birth, adoption, or surrogacy offered 1 year after your start date

• 5 days paid yearly to volunteer (through Sage Foundation)

• $5,250 tuition reimbursement per calendar year starting 6 months after your hire date

• Sage Wellness Rewards Program (annual fitness reimbursement)

• Library of on-demand career development options and ongoing training offerings



Compensation offered will be determined by factors such as location, level, job-related knowledge, education, and experience. Certain provinces in Canada require job postings to include a reasonable estimate of the salary range applicable to the role. For this role, in those locations, the target base salary range for new hires is C$140,000 to C$170,000. In addition to base salary, employees will participate in a bonus plan (20%) based on company and individual performance. Our talent acquisition team will provide specific opportunities on our bonus or incentive programs. The range listed is just one component of the Sage total compensation package.



#LI-CH1

Create a job alert for this search

Senior Incident Responder - Cybersecurity • Vancouver

Similar jobs

Senior Cybersecurity Analyst — Architecture & Threat Response

Surrey Police ServiceSurrey, Metro Vancouver Regional District, CA
Full-time

A law enforcement agency in Canada is seeking a Cybersecurity Analyst 3 to manage information security architecture and governance.This role involves developing security standards, conducting compl... Show more

 • Promoted

Onsite Senior Cybersecurity Analyst — Incident Response

lululemonVancouver
Full-time

A leading performance apparel company is seeking a Staff Cybersecurity Analyst in Vancouver.The role involves driving cybersecurity initiatives, mentoring teams, and leading incident response effor... Show more

 • Promoted

X-Force Incident Response Consultant Associate (September 2026 - Calgary, Toronto, Ottawa, Mont[...]

IBMVancouver, Metro Vancouver Regional District, CA
Full-time

A career in IBM Consulting is rooted in long-term relationships and close collaboration with clients across the globe.Curiosity and a constant quest for knowledge serve as the foundation for succes... Show more

 • Promoted

Remote Solutions Consultant II — Cybersecurity

Palo Alto NetworksVancouver, Metro Vancouver Regional District, CA
Remote
Full-time

A leading cybersecurity firm seeks a Solutions Consultant to drive customer adoption of its security solutions.You will leverage your expertise in pre-sales and networking to meet sales quotas and ... Show more

 • Promoted

Senior Consultant – Dayforce WFM - delta

OnActuatedelta, bc, ca
Full-time

At OnActuate, we cultivate talent from around the globe to deliver Microsoft and Dayforce solutions to customers across public, private, and non-profit sectors.Being People First is our core value,... Show more

 • Promoted

Global Therapist: Integrated Critical Incident Response (ICIR)

Spring HealthVancouver, Metro Vancouver Regional District, CA
Full-time

Global Therapist: Integrated Critical Incident Response (ICIR).Location: Brandon, Manitoba, Canada.Our mission: to eliminate every barrier to mental health.At Spring Health, we’re on a mission to r... Show more

 • Promoted

Operational Technology Cybersecurity Expert

WSP in CanadaVancouver
Full-time

Join as an Operational Technology Cybersecurity Expert, focusing on safeguarding energy systems.Leverage your expertise in cybersecurity to enable safe digital transformation in critical infrastruc... Show more

 • Promoted

Cybersecurity Analyst - Drive Security Ops & Incident Response

Capilano UniversityNorth Vancouver, Metro Vancouver Regional District, Canada
Full-time

A higher education institution in North Vancouver seeks a Cybersecurity Analyst to oversee and enhance cybersecurity operations.The ideal candidate will have over 3 years of relevant experience, in... Show more

 • Promoted • New!

Cloud & Dedicated Hosting Provider Senior Ops. Architect - delta

\"RMS\" Retail Marketing Solutions LLCdelta, bc, ca
Full-time +1

Retail Marketing Solutions LLC “RMS”) is a Global Operations Agency specializing in:.Business Infrastructure and Practices Consultation).Domains | VPS & Dedicated Servers | Infrastructure Managemen... Show more

 • Promoted

Remote Portfolio Management Expert ($100/hr) - delta

Turingdelta, bc, ca
Remote
Full-time

Based in San Francisco, California, Turing is the world’s leading research accelerator for frontier AI labs and a trusted partner for global enterprises deploying advanced AI systems.Turing support... Show more

 • Promoted

Senior DevOps Engineer with Expertise in Cloud and Incident Management

RipplingVancouver, Metro Vancouver Regional District, CA
Full-time

Advance your career as a Senior DevOps Engineer, focusing on optimizing corporate IT through security and automation.This role emphasizes autonomy within cloud-native environments while significant... Show more

 • Promoted

Bilingual Manager Life & Disability Claim Management - delta

Empire Lifedelta, bc, ca
Full-time +2

Bilingual Manager Life and Disability Claims Management.Location: Remote anywhere in Canada or Hybrid if close to an office.The total target compensation (TTC) range, including salary and target bo... Show more

 • Promoted

Senior Incident Response Consultant at CrowdStrike

CrowdStrikeVancouver, Metro Vancouver Regional District, CA
Full-time

Join CrowdStrike as a Senior Incident Response Consultant and play a critical role in modern cybersecurity.This position allows you to shape responses to sophisticated cyber threats.We are looking ... Show more

 • Promoted

SRE Incident Response Engineer

XsollaVancouver, British Columbia, Canada
Full-time

A global commerce company based in Canada is seeking an Operations Engineer to monitor the GTO Operational Dashboard, triage incidents, and ensure the smooth operation of production systems.The ide... Show more

 • Promoted

Senior/ Lead - AI Engineer

FICOdelta, bc, ca
Full-time

As a Senior Engineer on our Applied AI team, you will be at the forefront of building AI-powered software that transforms how our platform operates.You will design, build, and maintain production-g... Show more

 • Promoted

Team Lead, CSOC

Global RelayVancouver
Full-time

The Information Security Team Lead for the Cyber Security Operations Center (CSOC) leads a team of Cyber Security Specialists and serves as the primary escalation point for security events and inci... Show more

 • Promoted

Enterprise Cybersecurity Solutions Architect

Insight GlobalVancouver
Full-time

A leading cybersecurity firm in Canada is seeking a Cybersecurity Solution Architect to focus on design, requirements gathering, and architectural governance.The ideal candidate will have 4–5+ year... Show more

 • Promoted

Ciso: Lead Cybersecurity For A Community Nonprofit - $160,000 - $180,000 A Year

Jewish VancouverVancouver, Canada
Full-time

The CISO will develop and implement a comprehensive cybersecurity program for a community organization in Vancouver.Salary range is $160,000-$180,000. Show more

 • Promoted

Senior Information Technology Project Manager - delta

NEOGOVdelta, bc, ca
Full-time

This role is a CONTRACT & REMOTE from anywhere in Canada ***.Senior PMO Manager – Product Delivery(SaaS/Remote/Contract).NEOGOV is a proud SaaS leader in the Public Sector for HR, Recruiting, emplo... Show more

 • Promoted

Remote Senior SOC Analyst for Threat Detection and Incident Management

TreantlyVancouver, Metro Vancouver Regional District, CA
Remote
Full-time

Shape cybersecurity efforts as a Senior SOC Analyst, proficient in threat detection and incident response.Lead remote operations to tackle complex security challenges while mentoring junior analyst... Show more