Principal Analyst
Talion Cyber Security
About the role
Talion are looking for an individual to join the Principal Analyst team, able to provide expertise on Security incident escalations and to assist with the progression of security related projects. Talion delivers a range of outsourced cyber security services with a particular focus on protecting organisations that are threatened by sophisticated targeted attacks. The Security Operations Team has operational responsibility for all in-life services delivered to customers across a wide variety of market sectors.
The remit of a Principal Analyst can vary wildly from week to week and may depend on what security incidents are affecting clients, what is happening in the threat landscape, and which projects Talion require security expertise and assistance with. The successful individual will be expected to throw themselves into not only learning new platforms and processes but also becoming the expert within Talion on certain aspects.
This role will be remote; however, we are looking for individuals based in Toronto (Canada) to extend time-zone coverage.
Specific Accountabilities and Responsibilities
As a Principal Analyst, you will join a team responsible for providing security advice and expertise to internal teams and clients alike. You will also provide assistance to many key projects that Talion are working on.
- Provide security advice and expertise to internal teams and clients alike.
- Provide assistance and guidance on key internal projects.
- Act as a point of escalation for the Security Analyst teams.
- Respond to requests assigned to the team, from both internal teams and clients.
- Conduct detailed data analysis in support of improving both operational capabilities and security analyst performance.
- Persistently seek service improvements and motivate/encourage the Security Analysts to do the same.
- Assist the security incident triage process by implementing counter-measures or mitigating controls.
- Assist the Leadership team in the development of partnerships with vendors.
- Identify improvements and possible automation of our security solutions where feasible, for placement on Product and Service development roadmaps.
Qualifications and requirements
Essential:
- At least 2 years’ experience with SIEM, SOAR and Service Desk toolsets.
- Broad experience of technologies and concepts including but not limited to: Firewalls, IPS & IDS, Active Directory, Proxy, Linux, TCP/IP, Networks, AWS, CDNs, Azure, Vulnerability management, SIEM.
- In-depth knowledge and expertise in the fundamentals of cyber security.
- Security Administration knowledge and experience.
- Incident containment, recovery and mitigation experience.
- Ability to interact confidently with customers and technical team members.
- Evidence of working within SLAs.
- Previous experience of working within a Security Operations Centre (2 Years +).
- Strong analytical and problem-solving skills.
- Willing to work flexible schedules.
- Willing to work on an on-call rota, where you will be contacted for out of hours escalations on aspects of security.
- Ability and motivation to work independently – someone who can set their own goals and use their initiative to solve problems.
- Basic understanding of AI concepts, such as Agents/Models/MCP Servers.
Desirable:
- Extensive experience of a SOAR platform (Google SecOps) including tools, scripts, events and playbooks.
- Relevant security certifications including SSCP, CEH, Security+, GCIH.
- Degree-level education in a technical or analytical subject.
- Ability to write database queries and languages (KQL/Linq).
- Experience working in a Security Operations Centre (4 years +).
- Knowledge of working with Devo SIEM.
- Proven experience with Large Language Models.