Senior Cybersecurity Specialist - IR

Sage Voir toutes les offres

  • Vancouver, BC
  • Permanent
  • Temps-plein
  • Il y a 1 mois
As a Senior Cybersecurity Specialist (Tier 3), you will join Sage's Global Cyber Defence team and play a key role in protecting Sage's systems, data, and customers.This is a hands-on senior technical role focused on advanced incident response and complex security investigations, including incident investigation, containment, remediation, and post-incident analysis. You will respond to complex and escalated security incidents while strengthening Sage's detection and response capabilities.You will own and lead investigations of medium to critical security incidents, perform forensic analysis, and proactively hunt for indicators of compromise across cloud and on-premises environments. You will also improve detection rules, develop response playbooks, and refine operational processes that strengthen Sage's cyber defence capabilities.You will partner with Product Engineering, IT, Cloud Operations, Legal, and other cybersecurity teams to lead investigations and drive remediation across Sage's global environment.Minimum Qualifications:
  • 3-5 years of hands-on cybersecurity experience responding to high-severity and complex security incidents, including leading end-to-end investigations of complex security incidents, including scoping, deep analysis, coordinated containment, remediation, and root-cause determination across cloud and hybrid environments
  • Proficiency using SIEM and EDR platforms to investigate security events and analyze large volumes of security telemetry
  • Experience performing threat hunting and developing or tuning detection logic
  • Knowledge of cyber threat intelligence practices, including analyzing attacker tactics and techniques and applying intelligence to improve detections and investigations
  • Experience conducting incident investigations and forensic analysis to determine root cause and reconstruct attacker activity
  • Experience investigating incidents in cloud environments (Azure, AWS, or GCP) including identity systems, logging, and cloud-native telemetry
  • Experience working cross-functionally with engineering, IT, cloud operations, legal, and security teams to drive remediation
  • Ability to work the required schedule and participate in the on-call rotation
Ideal/Bonus Qualifications
  • Experience investigating application-layer attacks, abuse cases, or SaaS platform threats
  • Advanced knowledge of cybersecurity and information security control best practices
  • Certifications such as CISSP, SANS, or incident response, threat hunting, or forensics certifications
Work Schedule:
Monday-Friday, 8:00am - 4:00pm PST
Occasional adjusted hours (6:00am - 2:00pm PST) when covering UK colleagues during planned PTO. Participation in a shared on-call rotation (one weekend per month)Location:
Hybrid; 3 days per week from our Vancouver office and 2 days from homeWho is Sage?
Sage is a global B2B SaaS helping small to medium-sized businesses to succeed with AI-powered Accounting & ERP software. Knowing that over 6M of our global customers depend on our solutions, motivates us to keep innovating so they keep growing. Sage Copilot is a prime exampleYou'll have the opportunity expand your skills and grow your career at a stable SaaS with products voted #1 in customer satisfaction for 10 consecutive years. Collaborate with a globally diverse, customer-focused teams that embrace innovation, bold thinking, and impactful work. Our culture is built on doing the right thing-guided by our values: Human, Trust, Bold, and Simplify. We support work-life balance and encourage giving back through the Sage Foundation, offering every employee 40 paid volunteer hours per year to make a difference in our communities.Key Responsibilities Key Responsibilities
  • Own and lead investigations of complex security incidents to ensure rapid containment, effective remediation, and secure recovery
  • Perform proactive and hypothesis-driven threat hunting across endpoints, servers, cloud environments, and applications to identify malicious behaviour and emerging threats
  • Develop and improve detection logic, alert tuning, and investigation workflows to enhance threat visibility and reduce false positives
  • Apply threat intelligence to strengthen detection capabilities and prioritize investigations
  • Conduct incident investigations and forensic analysis to determine root cause and reconstruct attacker activity
  • Take ownership of complex investigations and drive remediation efforts through to resolution
  • Improve incident response playbooks, procedures, and operational processes
  • Lead cyber defence workstreams within larger security initiatives
  • Mentor junior team members and support knowledge sharing across the team
  • Investigate complex security alerts and confirmed incidents across SIEM, EDR, NDR, and cloud security platforms
Benefits? We have plenty...
  • 100% paid premiums for health, dental, and vision coverage​
  • RRSP contribution match (100% up to 4%)​
  • 35 days paid time off (11 holidays, 16 vacation days, 3 personal days, 5 sick days)​
  • Work Away, an opportunity to work & play for 10 weeks in a country of your choice (from a Sage-approved list)
  • 18 weeks of paid parental leave for birth, adoption, or surrogacy offered 1 year after your start date​
  • 5 days paid yearly to volunteer (through Sage Foundation)​
  • $5,250 tuition reimbursement per calendar year starting 6 months after your hire date​
  • Sage Wellness Rewards Program (annual fitness reimbursement)​
  • Library of on-demand career development options and ongoing training offerings​
Compensation offered will be determined by factors such as location, level, job-related knowledge, education, and experience. Certain provinces in Canada require job postings to include a reasonable estimate of the salary range applicable to the role. For this role, in those locations, the target base salary range for new hires is C$135,000 to C$145,000. In addition to base salary, employees will participate in a bonus plan (20%) based on company and individual performance. Our talent acquisition team will provide specific opportunities on our bonus or incentive programs. The range listed is just one component of the Sage total compensation package.#LI-CH1Function Global Information SecurityCountry CanadaOffice Location VancouverWork Place type HybridAdvert Working at Sage means you're supporting millions of small and medium sized businesses globally with technology to work faster and smarter. We leverage the future of AI, meaning business owners spend less time doing routine tasks, like entering invoices and generating reports, and more time pursuing their ambitions.Our colleagues are the best of the best. Because to achieve extraordinary outcomes, we need extraordinary teams. This means infusing Sage with people who knock down barriers, continuously innovate, and want to experience their potential.
Learn more about working at Sage:
Watch a video about our culture:We celebrate individuality and welcome you to join us if you embrace all backgrounds, identities, beliefs, and ways of working. If you need support applying, reach out at .
Learn more about DEI at Sage:

Sage