Lead SOC Analyst

IFS is a billion-dollar revenue company with 7000+ employees on all continents. Our leading AI technology is the backbone of our award-winning enterprise software solutions, enabling our customers to be their best when it really matters–at the Moment of Service™. Our commitment to internal AI adoption has allowed us to stay at the forefront of technological advancements, ensuring our colleagues can unlock their creativity and productivity, and our solutions are always cutting-edge.

At IFS, we’re flexible, we’re innovative, and we’re focused not only on how we can engage with our customers but on how we can make a real change and have a worldwide impact. We help solve some of society’s greatest challenges, fostering a better future through our agility, collaboration, and trust.

We celebrate diversity and understand our responsibility to reflect the diverse world we work in. We are committed to promoting an inclusive workforce that fully represents the many different cultures, backgrounds, and viewpoints of our customers, our partners, and our communities. As a truly international company serving people from around the globe, we realize that our success is tantamount to the respect we have for those different points of view.

By joining our team, you will have the opportunity to be part of a global, diverse environment; you will be joining a winning team with a commitment to sustainability; and a company where we get things done so that you can make a positive impact on the world.

We’re looking for innovative and original thinkers to work in an environment where you can #MakeYourMoment so that we can help others make theirs. With the power of our AI-driven solutions, we empower our team to change the status quo and make a real difference.

If you want to change the status quo, we’ll help you make your moment. Join Team Purple. Join IFS.

Position Summary 

The Senior Security Operations Center (SOC) Analyst at Copperleaf plays a critical role in protecting our global SaaS platform, internal systems, and customer environments. This role requires deep technical expertise in cloud‑centric security operations, advanced detection and response, and strong familiarity with enterprise technologies that support Copperleaf’s product ecosystem and operational security. 

Senior Analysts lead complex investigations, support continuous operational improvement, and strengthen our ability to rapidly detect and respond to threats targeting cloud workloads (Azure), identity systems (Azure AD/Entra ID), clusters, endpoint platforms, and customer‑integrated data pipelines. This role also mentors junior analysts and collaborates closely with Security Engineering, CloudOps, IT, and Incident Response to improve detection logic, logging visibility, automation, and resiliency across Copperleaf’s environment. 

Key Responsibilities 

Leadership & Team Support 

• Act as a senior escalation point for SOC investigations, providing guidance aligned to Copperleaf’s security architecture and operational practices. 

• Mentor junior analysts and help drive team maturity in cloud security, detection engineering, and SaaS‑specific monitoring. 

• Recommend training and process enhancements to support ongoing professional development. 

• Participate in tabletop exercises tailored to Copperleaf’s product, cloud, and operational risk scenarios. 

Security Monitoring & Incident Response 

• Lead investigations into security alerts across Copperleaf’s Azure‑hosted environments, identity systems, corporate endpoints, and product infrastructure. 

• Support incident response activities including containment, remediation, documentation, and lessons‑learned. 

• Analyze logs from Azure Monitor, Entra ID, Kubernetes clusters, application services, and customer‑facing integrations. 

• Create detections mapped to MITRE ATT&CK for cloud and SaaS environments. 

• Maintain and improve SOC playbooks and SOPs specific to Copperleaf’s operational, compliance, and customer commitments. 

• Recommend tuning of cloud-native and third‑party detection tools to reduce false positives. 

• As part of your role, you may be required to participate in an on‑call rotation to support business‑critical operations outside of standard working hours.

Threat Intelligence, Detection Engineering & Automation 

• Track emerging threats relevant to SaaS providers, cloud platforms, Kubernetes, identity infrastructure, and AI‑driven attack techniques. 

• Conduct proactive threat hunting across cloud workloads, identity logs, endpoints, and product telemetry. 

• Develop and refine KQL queries, automation workflows, and SOAR playbooks. 

• Evaluate logging coverage across Azure, product services, and corporate systems, ensuring alignment to Copperleaf’s observability standards. 

Cross‑Functional Collaboration 

• Collaborate with Security Engineering, CloudOps, IT, and Platform teams to enhance detection capabilities and ensure appropriate telemetry. 

• Contribute to operational KPIs, metrics, and reporting used for Copperleaf leadership updates. 

• Share insights, documentation, and best practices to support overall team improvement. 

• Partner with CloudOps and Engineering on secure configuration, operational visibility, and incident readiness. 

Skills & Experience Requirements 

• 5+ years of SOC monitoring, cloud‑focused incident response, or cybersecurity experience. 

• Strong understanding of threats targeting SaaS platforms, Azure cloud environments, Kubernetes, and enterprise identity systems. 

• Proficiency in scripting languages (Python, Bash, PowerShell, JavaScript) and KQL for advanced log analysis. 

• Hands‑on experience with SIEM, SOAR, EDR/XDR, threat intel platforms, cloud security tooling, and identity security controls. 

• Familiarity with frameworks and regulations relevant to Copperleaf (ISO 27001, SOC 2, NIST CSF, CIS Controls, GDPR). 

• Expertise with Windows, macOS, and Linux systems. 

Education Requirements 

• Bachelor's degree preferred in cybersecurity, computer science, engineering, or related fields. 

Certification Requirements 

Preferred certifications include: 

• GIAC Certified Incident Handler (GCIH) 

• GIAC Defending Advanced Threats (GDAT) 

• GIAC Certified Enterprise Defender (GCED) 

• Microsoft Certified SOC Analyst 

• CISSP 

• Azure Security Engineer (AZ‑500) — strongly preferred for cloud‑focused operations 

What We’re Offering

• Salary Range: $95,000 CAD -$115,000 CAD+ Bonus
• Permanent, Full-time
• Flexible paid time off, including sick and holiday 
• Medical, dental, & vision insurance 
• RRSP Company contribution 
• Life insurance and disability benefits 
• Tuition assistance 
• Community involvement and volunteering events

We embrace flexibility and hybrid work opportunities to support diverse needs and lifestyles, while also valuing inclusive workplace experiences. By fostering a sense of community, we drive innovation, strengthen connections, and nurture belonging. Our commitment ensures you can work in a way that suits you best, while also engaging with colleagues to share ideas and build meaningful relationships.