Department of Position: Technology
Reports to: Director, Technology
Location: Markham, ON
Existing vacancy: Yes – Open and available immediately
Company Description
Proudly Canadian-founded, the Lorex team across North America is committed to the design, development, and deployment of ingenious smart home security and business monitoring solutions that enhance our customers’ lifestyles and sense of well-being. We achieve this by continuing to produce innovative solutions, all backed by cutting-edge technology and a dedicated team of forward thinkers.
Job Summary
The Cyber Security Analyst is a key member of the Cloud Technology & Security team, reporting to the Director of the department. You will play a critical role in ensuring compliance with security standards and regulations, conducting security analysis and vulnerability scans, designing secure solutions, analyzing threats, and implementing safeguards to protect sensitive data. This role combines proactive security reviews, incident response, and collaboration with cross-functional teams to maintain and strengthen Lorex’s security posture. In addition to security, the candidate should be comfortable with privacy considerations, as privacy goes hand in hand with security, though not required to be a subject matter expert.
Duties & Responsibilities:
Security Reviews and Assessments (60%)
- Conducts Threat and Risk Assessments (TRAs), Audits and/or Security Reviews on Lorex Products and Services that are based on an industry reputable standard such as ISO 27001/2, SOC2, NIST, and GDPR requirements
- Perform security analysis and vulnerability scans of mobile apps (iOS/Android), cloud services, and embedded system firmware
- Partner with project teams to provide secure design and deployment guidance
- Performs a gap analysis of Lorex security environment against industry best practices and recommend remediation
- Recommend and validate secure configurations for infrastructure systems (Windows, Linux, macOS, AD, IDS/IPS, SIEM, etc.)
- Define, review, and report on security analystics and metrics
- Stay current with evolving information security technologies and best practices
- Own the full cycle talent acquisition process from project kick-off to new hire onboarding where applicable
- Identify and act on opportunities to streamline talent acquisition processes and tools
- Own the full cycle talent acquisition process from project kick-off to new hire onboarding where applicable
- Identify and act on opportunities to streamline talent acquisition processes and tools
Security Operations (40%)
- Responds to security incidents applying appropriate containment and eradication techniques
- Monitor infrastructure, security reports, and vulnerability assessments to identify threats or weaknesses
- Support disaster recovery and business continuity planning and testing
- Collaborate with software development, DevOps, and engineering teams to integrate security requirements and perform security testing
- Serve as an internal security consultant across projects and external stakeholders engagements
- Promote and foster a strong security culture within the organization
Qualifications & Experience
● Undergraduate degree in Information Security, Computer Engineering, or related field
● 3-5 years of hands on experience in information security roles with large scale environments
● Professional certifications such as Certified Information Systems Security Professional (CISSP) certification, Certified Information Security Auditor (CISA), Certified Ethical Hacker (CEH) or Certificate of Cloud Security Knowledge (CCSK) are assets
● Solid technical expertise in vulnerability assessments, penetration testing, application and OS hardening, firewalls, VPNs, PKI, IDS/IPS, encryption, and incident response
● Familiarity with industry standards such as ISO27001, NIST, CIS, SOC2 benchmarks
● Experience designing and implementing security controls in cloud (AWS, GCP, Digital Ocean etc.)
● Experience conducting security analysis and vulnerability scans for mobile apps, cloud services, and embedded system firmware
● Knowledge of SIEM, endpoint protection, and monitoring tools
● Experience with surveillance, video, real-time communications and similar considered an asset
● Ability to work independently and collaboratively, with strong problem-solving and analytical skills
● All prospective employees must pass a background check
Lorex welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.
Please note that we use AI tools as part of our recruitment process to enhance efficiency and improve candidate experience.
