Cybersecurity Analyst – End Point Detection, SIEM

Industry: All

Term: Contract

Province: BC

Category: Information Technology

Experience: 5 - 10 Years


On behalf of our public sector client, Affinity is seeking a Cybersecurity Analyst to support the operation and enhancement of Endpoint Detection & Response (EDR) and Security Monitoring (SIEM) capabilities across the enterprise.

This is a hands-on operational role focused on monitoring, investigation, and response to security events, as well as supporting platform rollout and ongoing tuning. The Analyst will work closely with security, infrastructure, and cloud teams to ensure effective detection, analysis, and resolution of security threats.


Responsibilities:

EDR Operations

• Support deployment and rollout of EDR capabilities, including prerequisites validation, agent deployment, and troubleshooting.

• Perform ongoing operational support, including platform health monitoring, alert review, and basic tuning.

• Assist in tuning detections and policies to reduce false positives and align with organizational requirements.

• Coordinate with endpoint, server, and cloud teams to support rollout activities and resolve operational issues.

• Document configurations, procedures, and operational practices related to the EDR platform.

 

SIEM Monitoring & Investigation

• Monitor, triage, and investigate security alerts within the SIEM platform (e.g., Microsoft Sentinel).

• Analyze endpoint, identity, and log telemetry to assess severity, scope, and potential impact.

• Support incident investigations by gathering evidence, documenting findings, and escalating confirmed threats.

• Execute approved response actions (e.g., endpoint isolation, account containment) in accordance with established procedures.

• Use KQL (basic to intermediate) to support investigations and validation activities.

 

Operational Support & Collaboration

• Maintain accurate documentation, tickets, and investigation records to support auditability and transparency.

• Collaborate with senior analysts, IT operations, and infrastructure teams to resolve security events.

• Support continuous improvement of detection and response processes through operational feedback.

 

Required Experience

• 4+ years of experience in cybersecurity, security operations (SOC), or a related technical role.

• Hands-on experience with EDR platforms (e.g., Microsoft Defender for Endpoint, CrowdStrike, SentinelOne).

• Experience working in a SIEM environment, preferably Microsoft Sentinel or similar.

• Practical knowledge of Windows systems, endpoint behavior, and basic networking concepts.

• Familiarity with security logs, alerts, and incident handling workflows.

• Experience documenting investigations and working within ticketing systems.

• Strong communication skills, with the ability to clearly document and explain technical findings.

 

Core Competencies

• Analytical and investigative mindset

• Structured and methodical approach to incident handling

• Clear technical communication

• Attention to detail and documentation discipline

• Ability to work independently and escalate appropriately

 

Nice-to-Have

• Experience with KQL or similar query languages

• Exposure to cloud security environments (e.g., Azure)

• Familiarity with threat detection concepts (e.g., MITRE ATT&CK)

• Experience in healthcare or regulated environments


Affinity Earn:

Know someone who’s great for this, or any of our open roles? Earn up to $4,000/year for each successful referral through Affinity Earn. You can also earn up to $50,000 for helping us find new clients. Learn about our referral program at https://affinity-group.ca/earn/ or browse our jobs & follow us at https://www.linkedin.com/company/affinity-staffing/jobs/

 

About Affinity: 

Affinity Group is a technology and business consulting and services company. We believe in creating long-term relationships between clients and consultants that foster a mutually beneficial partnership. Affinity is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All employment is decided on the basis of qualifications, merit and business need.

 

For more information on Affinity, please visit www.affinity-group.ca



Job Number: 13296

#LI-Remote
