Senior Cyber Security Specialist – Incident Response
About the role
Job Description
As a Senior Security Specialist – Incident Response, you will join Sage’s global Cyber Defence team and play a key role in protecting Sage’s systems, data, and customers.
This is a hands-on senior technical role focused on investigating and responding to complex and escalated security incidents and strengthening Sage’s detection and response capabilities. The role goes beyond routine alert monitoring and focuses on investigating escalated security incidents, performing advanced technical analysis, and improving how Sage detects and responds to threats across its environment.
You will own and lead investigations of medium to critical security incidents, perform incident investigations and forensic analysis to determine root cause and reconstruct attacker activity, and proactively hunt for indicators of malicious behaviour across cloud and on-premises environments. You will also improve detection rules, develop response playbooks, and refine operational processes that strengthen Sage’s overall cyber defence capabilities.
You will partner with Product Engineering, IT, Cloud Operations, Legal, and other cybersecurity teams to lead investigations and drive remediation across Sage’s global environment.
Minimum Qualifications:
- 5 years of experience in cybersecurity responding to medium to critical security incidents
- Strong hands-on experience performing incident response activities including triage, investigation, containment, remediation, and post-incident analysis
- Proficiency using SIEM and EDR platforms to investigate security events and analyze large volumes of security telemetry
- Experience performing threat hunting and developing or tuning detection logic
- Knowledge of cyber threat intelligence practices, including analyzing attacker tactics and techniques and applying intelligence to improve detections and investigations
- Experience conducting incident investigations and forensic analysis to determine root cause and reconstruct attacker activity
- Experience investigating incidents in cloud environments (Azure, AWS, or GCP) including identity systems, logging, and cloud-native telemetry
- Experience working cross-functionally with engineering, IT, cloud operations, legal, and security teams to drive remediation
- Ability to work the required schedule and participate in the on-call rotation
Ideal/Bonus Qualifications
- Experience investigating application-layer attacks, abuse cases, or SaaS platform threats
- Advanced knowledge of cybersecurity and information security control best practices
- Certifications such as CISSP, SANS, or incident response, threat hunting, or forensics certifications
Work Schedule:
Monday–Friday, 8:00am – 4:00pm PST
Occasional adjusted hours (6:00am – 2:00pm PST) when covering UK colleagues during planned PTO
Participation in a shared on-call rotation (one weekend per month)
Location:
Hybrid; 3 days per week from our Vancouver office and 2 days from home
Key Responsibilities
- Own and lead investigations of complex security incidents to ensure rapid containment, effective remediation, and secure recovery
- Perform proactive and hypothesis-driven threat hunting across endpoints, servers, cloud environments, and applications to identify malicious behaviour and emerging threats
- Develop and improve detection logic, alert tuning, and investigation workflows to enhance threat visibility and reduce false positives
- Apply threat intelligence to strengthen detection capabilities and prioritize investigations
- Conduct incident investigations and forensic analysis to determine root cause and reconstruct attacker activity
- Take ownership of complex investigations and drive remediation efforts through to resolution
- Improve incident response playbooks, procedures, and operational processes
- Lead cyber defence workstreams within larger security initiatives
- Mentor junior team members and support knowledge sharing across the team
- Investigate complex security alerts and confirmed incidents across SIEM, EDR, NDR, and cloud security platforms
Benefits? We have plenty...
- 100% paid premiums for health, dental, and vision coverage
- RRSP contribution match (100% up to 4%)
- 35 days paid time off (11 holidays, 16 vacation days, 3 personal days, 5 sick days)
- Work Away, an opportunity to work & play for 10 weeks in a country of your choice (from a Sage-approved list)
- 18 weeks of paid parental leave for birth, adoption, or surrogacy offered 1 year after your start date
- 5 days paid yearly to volunteer (through Sage Foundation)
- $5,250 tuition reimbursement per calendar year starting 6 months after your hire date
- Sage Wellness Rewards Program (annual fitness reimbursement)
- Library of on-demand career development options and ongoing training offerings
Compensation offered will be determined by factors such as location, level, job-related knowledge, education, and experience. Certain provinces in Canada require job postings to include a reasonable estimate of the salary range applicable to the role. For this role, in those locations, the target base salary range for new hires is C$135,000 to C$145,000. In addition to base salary, employees will participate in a bonus plan (20%) based on company and individual performance. Our talent acquisition team will provide specific opportunities on our bonus or incentive programs. The range listed is just one component of the Sage total compensation package.
About Sage
At Sage, we knock down barriers with information, insights, and tools to help your business flow.
We provide businesses with software and services that are simple and easy to use, as we work with you to give you that feeling of confidence. Customers trust our Payroll, HR, and Finance software to make business flow with ease. From our local network of experts to our ever-growing partnerships, we are on hand to give you all the insights you need to thrive. 💚