Lead SOC Analyst

IFS is a billion-dollar revenue company with 7000+ employees on all continents. Our leading AI technology is the backbone of our award-winning enterprise software solutions, enabling our customers to be their best when it really matters–at the Moment of Service™. Our commitment to internal AI adoption has allowed us to stay at the forefront of technological advancements, ensuring our colleagues can unlock their creativity and productivity, and our solutions are always cutting-edge.

At IFS, we’re flexible, we’re innovative, and we’re focused not only on how we can engage with our customers but on how we can make a real change and have a worldwide impact. We help solve some of society’s greatest challenges, fostering a better future through our agility, collaboration, and trust.

We celebrate diversity and understand our responsibility to reflect the diverse world we work in. We are committed to promoting an inclusive workforce that fully represents the many different cultures, backgrounds, and viewpoints of our customers, our partners, and our communities. As a truly international company serving people from around the globe, we realize that our success is tantamount to the respect we have for those different points of view.

By joining our team, you will have the opportunity to be part of a global, diverse environment; you will be joining a winning team with a commitment to sustainability; and a company where we get things done so that you can make a positive impact on the world.

We’re looking for innovative and original thinkers to work in an environment where you can #MakeYourMoment so that we can help others make theirs. With the power of our AI-driven solutions, we empower our team to change the status quo and make a real difference.

If you want to change the status quo, we’ll help you make your moment. Join Team Purple. Join IFS.

Position Summary 

The Security Operations Lead (Lead SOC Analyst) at Copperleaf plays a critical role in protecting our global SaaS platform, internal systems, and customer environments. This role combines deep technical expertise in security operations, detection and response, and enterprise vulnerability management. 

This individual functions as a technical team lead and senior escalation point, providing direction, mentorship, and operational leadership to a team of SOC analysts while working cross-functionally across Security Architecture, R&D, CloudOps, and IT. While this is not a direct people management role, it requires strong leadership, influence, and accountability for driving operational excellence and team maturity. 

The role is responsible for developing, enhancing, and executing security operations and vulnerability management capabilities, including building new processes, implementing tools, and contributing to the broader security roadmap.  

Key Responsibilities  

Leadership & Team Support  

• Act as the technical lead and primary escalation point for Security Operations and Vulnerability Management. 
• Provide mentorship and guidance to intermediate analysts, supporting capability development and operational consistency. 
• Drive team maturity, process standardization, and operational excellence across detection, response, and remediation functions. 
• Lead by influence across teams, ensuring alignment without direct reporting authority. 
• Contribute to performance metrics, KPIs, and reporting for leadership visibility. 

Security Monitoring & Incident Response  

• Lead complex investigations across AWS & Azure environments, identity systems, endpoints, and SaaS infrastructure. 
• Oversee incident response activities including containment, remediation, and post-incident analysis. 
• Enhance SOC playbooks, SOPs, and detection logic to improve response efficiency and effectiveness. 
• Drive ongoing improvements in logging, monitoring coverage, and alert fidelity. 

Vulnerability Management  

• Lead the end-to-end vulnerability management lifecycle including identification, prioritization, tracking, remediation, and validation across: 
• Cloud environments (AWS, Azure) 
• Applications and SaaS platforms 
• Infrastructure, endpoints, and third-party systems 
• Partner with IT, CloudOps, R&D, and Security Architecture to reduce attack surface and ensure timely remediation. 
• Prioritize vulnerabilities based on business risk, exploitability, and threat intelligence (e.g., KEV, CVSS, EPSS). 
• Establish and maintain repeatable, scalable vulnerability management processes and tooling. 
• Develop metrics and reporting on vulnerability posture, remediation SLAs, and risk exposure. 

Threat Intelligence, Detection Engineering & Automation  

• Develop and tune detection logic mapped to MITRE ATT&CK across cloud and SaaS environments. 
• Design and implement automation workflows, playbooks, and operational tooling improvements. 
• Evaluate and optimize use of SIEM, EDR/XDR, and cloud-native security tools. 
• Drive continuous improvement through tool rationalization, automation, and innovation initiatives. 
• Track emerging threats relevant to SaaS providers, cloud platforms, Kubernetes, identity infrastructure, and AI‑driven attack techniques.  
• Conduct proactive threat hunting across cloud workloads, identity logs, endpoints, and product telemetry.   

Cross‑Functional Collaboration  

• Collaborate closely with Security Architecture, R&D, CloudOps, IT, and Platform teams. 
• Support secure design, operational visibility, incident readiness, and remediation coordination. 
• Communicate risks, trends, and recommendations to both technical and business stakeholders.  

Skills & Experience Requirements 

• 8+ years of experience in security operations, incident response, vulnerability management, or related cybersecurity roles. 
• Demonstrated experience functioning as a technical lead or team lead within a SOC or security operations environment. 
• Strong experience with: 
• Cloud platforms (AWS and Azure) 
• Vulnerability management tools and methodologies 
• SIEM (Rapid7 preferred), SOAR, EDR/XDR 
• Deep understanding of: 
• Threat landscape (cloud, SaaS, identity) 
• Vulnerability frameworks (CVSS, MITRE ATT&CK, KEV, OWASP) 
• Experience building or improving security processes, tooling, and operational capabilities. 
• Strong cross-functional collaboration and stakeholder management skills.  
• Proficiency in scripting languages (Python, Bash, PowerShell, JavaScript) and KQL for advanced log analysis.  
• Familiarity with frameworks and regulations relevant to Copperleaf (ISO 27001, SOC 2, NIST CSF, CIS Controls, GDPR).  
• Expertise with Windows, macOS, and Linux systems.  

Education Requirements 

• Bachelor's degree preferred in cybersecurity, computer science, engineering, or related fields. 

Certification Requirements 

Preferred certifications include: 

• GIAC Certified Incident Handler (GCIH) 
• GIAC Defending Advanced Threats (GDAT) 
• GIAC Certified Enterprise Defender (GCED) 
• Microsoft Certified SOC Analyst 
• CISSP 
• Azure Security Engineer (AZ‑500) — strongly preferred for cloud‑focused operations 

What We’re Offering

• Salary Range: $95,000 CAD -$125,000 CAD+ Bonus
• Permanent, Full-time
• Flexible paid time off, including sick and holiday 
• Medical, dental, & vision insurance 
• RRSP Company contribution 
• Life insurance and disability benefits 
• Tuition assistance 
• Community involvement and volunteering events

We embrace flexibility and hybrid work opportunities to support diverse needs and lifestyles, while also valuing inclusive workplace experiences. By fostering a sense of community, we drive innovation, strengthen connections, and nurture belonging. Our commitment ensures you can work in a way that suits you best, while also engaging with colleagues to share ideas and build meaningful relationships.