
Title: Specialist, Cyber Security Control & Defense

Requisition ID: 257678

Join a purpose-driven winning team, committed to results, in an inclusive and high-performing culture.

 

The Role

The Specialist of Cybersecurity Alerting Configuration is responsible for implementing, maintaining, and optimizing security alerts across enterprise security platforms. This role focuses on ensuring alerts are accurate, actionable, and aligned with organizational security objectives to enable timely detection and response to cyber threats.

 

 

What You’ll Do:

Alerting & Detection Engineering

  • Configure and maintain alerts in the SIEM, integrating with security tooling for EDR, NDR, and cloud security platforms.
  • Develop detection logic for emerging threats using threat intelligence and MITRE ATT&CK mapping.
  • Continuously tune alerts to reduce false positives and improve detection fidelity.
  • Validate alert performance through testing and simulation of attack scenarios.

Operational Support

  • Collaborate with SOC and Incident Response teams to validate alert effectiveness and improve workflows.
  • Investigate alert performance and recommend improvements to detection coverage.
  • Document alert configurations and maintain version control for audit and compliance.
  • Provide Tier 3 support for escalated alerting issues and assist in root cause analysis.

Threat Intelligence Integration

  • Incorporate threat intelligence feeds into alerting logic to detect emerging threats.
  • Map alerts to MITRE ATT&CK techniques for better coverage and reporting.

Governance & Compliance

  • Ensure alert configurations meet regulatory and internal security standards.
  • Participate in audits and provide evidence of alerting controls.

Innovation & Automation

  • Support automation initiatives for alert triage and enrichment using SOAR platforms.
  • Research and implement advanced detection techniques, including behavioral analytics and anomaly detection.

Testing & Validation

  • Conduct testing of new alert configurations using simulated attack scenarios.
  • Validate detection logic against real-world threat behaviors.

Metrics & Reporting

  • Track and report on alert performance metrics such as false positive rates, detection coverage, and response times.
  • Provide recommendations for continuous improvement based on data-driven insights.

 

What You'll Bring:

 

  • Education: Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience).
  • Experience:
    • 3-5 years in cybersecurity operations, detection engineering, or threat response.
    • Hands-on experience with SIEM and EDR platforms.
  • Technical Skills:
    • Proficiency with SIEM tools (e.g., Splunk, QRadar, Azure Sentinel).
    • Familiarity with scripting (Python, PowerShell) for automation.
    • Understanding of MITRE ATT&CK and threat detection methodologies.
  • Certifications: Security+ or equivalent required; GIAC (GCIA, GCED) or similar preferred.

 

What's in it for you?

  • You’ll join a team focused on building cloud platforms as products, enabling delivery teams across the enterprise rather than acting as a centralized gatekeeper or operating within a narrow delivery focus. This role offers exposure to a wide range of technologies, problem domains, and stakeholders.
  • Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employees to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.
  • Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove, and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.
  • Upskilling through online courses, cross-functional development opportunities, and tuition assistance.
  • Competitive Rewards program including bonus, flexible vacation, personal, sick days, and benefits will start on day one.
  • Community Engagement - no matter where you choose to work from, we offer opportunities for community engagement & belonging with our various programs.

 

 

Location(s): Canada : Ontario : Toronto

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.

