Location: Toronto, Ontario (In-Office) (King & Spadina)
Work Schedule: Monday – Friday, some shift work and on call required
Salary Range: $100,000 - $125,000 CAD per year
AI Disclosure: We do not use artificial intelligence to screen, assess, or select applicants for this position.
Vacancy Status: This posting is for an existing vacancy at our Toronto office.
BrightIT is a high-velocity tech hub focused on delivering world-class digital solutions for the iGaming sector. We bridge the gap between creative startup culture and industrial-scale execution.
Mission: Empowering brands through bold, responsible technology.
Vision: Creating a home for the brightest minds in tech to redefine the gaming landscape.
The SOC L2 Analyst plays a critical role in our Information Security department. Your primary mission is to monitor and analyze security events to detect, investigate, and respond to potential threats. As an L2 specialist, you will act as a bridge between high-volume monitoring and deep-dive incident response, ensuring our infrastructure remains resilient against evolving threat vectors.
Key Responsibilities:
Monitoring & Advanced Analysis:
Continuously monitor security alerts and events from a variety of sources, including SIEM, IDS/IPS, firewalls, and endpoint security tools.
- Monitor, validate, and analyze security events across AWS Cloud infrastructure, SaaS platforms, and on-premise systems.
- Perform deep-dive investigations using diverse log sources to identify sophisticated security incidents and anomalous activity.
Incident Response & Escalation:
- Participate in the full lifecycle of incident response: containment, eradication, recovery, and post-mortem reporting.
- Act as the primary escalation point for the L1 team, providing guidance and technical expertise on complex alerts.
- On-Call Function: Be available for critical incident escalations and "fire drill" scenarios as part of the extended SOC response capability to ensure 24/7 coverage for high-priority threats.
- Triage security alerts: assess severity and potential impact to determine the appropriate handling or escalation path.
Detection & Strategy:
- Develop and refine SIEM rules and detection logic based on the MITRE ATT&CK framework and emerging threat intelligence.
- Identify vulnerabilities and security gaps in the environment; contribute to remediation through enhanced alerting or control improvements.
- Support the threat intelligence function by filtering actionable insights to guide operational decision-making.
Documentation & Continuous Improvement:
- Ensure timely documentation of all security events and incidents in Jira, adhering strictly to SLAs and SOC policies.
- Actively contribute to developing, validating, and optimizing detection use cases to minimize false positives and improve overall response efficiency.
Requirements
Must-Haves:
- 2+ years of experience in security operations, incident response, or threat monitoring.
- Technical Proficiency: Hands-on experience with SIEM platforms (e.g., Elastic Security, Splunk, Sentinel, QRadar, ELK) and log correlation.
- Infrastructure Knowledge: Familiarity with IDS/IPS, EDR, firewalls, and email/web gateways. Familiarity with network and endpoint security technologies, with specific experience managing/monitoring Palo Alto Next-Generation Firewalls and Cortex XDR (EDR).
- Cloud Security: Experience securing cloud platforms (specifically AWS) and their native security services.
- Protocol Expertise: Strong understanding of web protocols and common application-layer attacks.
- Analytical Mindset: Ability to research and investigate security events independently with high attention to detail.
- Methodologies: Solid understanding of cybersecurity principles, MITRE ATT&CK, Cyber Kill Chain, and threat hunting.
- Communication: Clear verbal and written communication for documenting incidents and collaborating with the SOC Lead.
Nice-to-Haves:
Bachelor's degree in Computer Science, Cybersecurity, or a related field.
- Familiarity with regulatory frameworks: ISO 27001, PCI DSS, or GDPR.
- Relevant certifications (e.g., CySA+, GCIH, or cloud-specific security certs).
Why Join Us?
We believe that our people are our greatest asset, and we are committed to fostering a supportive and high-energy work environment.
- Comprehensive Health Benefits: Robust extended health, dental, and vision coverage from day one.
- Time Off: 20 days of paid vacation plus additional paid sick days to ensure you stay rested and healthy.
- Culture: A collaborative team environment where we care deeply for our employees and our social impact.
- Stability: A full-time, in-office role (5 days a week) in a professional and modern workspace.
We view responsible gambling not just as a regulatory requirement, but as a core ethical responsibility and a pillar of our sustainable business model, ensuring we lead the industry in player protection and social integrity. At the heart of our platform is a sophisticated responsible gambling framework designed to protect our community. We take pride in being a socially conscious operator that leverages technology to ensure gaming remains safe, transparent, and sustainable for everyone.