Threat Detection and Response Analyst

Bachelor's degree in Cybersecurity, Computer Science, or a related field (or equivalent experience). 5–8 years of experience in cybersecurity, including 3+ years focused on threat hunting, detection engineering, or incident response. Deep understanding of adversary tradecraft, the MITRE ATT&CK framework, and modern threat landscapes. Experience with SIEM, EDR, and cloud-native detection tools (e.g., CrowdStrike, Alienvault, AWS GuardDuty, Azure Defender, Elastic, etc.). Strong analytical and investigative mindset. Familiarity with scripting languages (Python, PowerShell, etc.). Knowledge of network protocols, operating system internals, and log analysis. Excellent written and verbal communication skills. Demonstrated ability to work both independently and collaboratively.

Perform cybersecurity threat detection, analysis, and mitigation as part of a global, around-the-clock security team. Perform proactive threat hunting across Tucows’ systems, networks, and cloud environments. Investigate potential security incidents using a wide range of tools, logs, and techniques. Collaborate with other Security Analysts and Security Engineering personnel to triage, contain, and remediate identified threats. Develop and tune custom detection rules, scripts, and playbooks to improve threat visibility and response effectiveness. Design, build, and maintain scalable detection logic across SIEM and EDR platforms. Design, test, and improve security detections, playbooks, and automation workflows. Review and triage alerts and logs, escalating significant incidents. Monitor external service providers for suspicious activity or potential security events. Perform continuous analysis of threat intelligence, tactics, techniques, and procedures (TTPs). Utilize Cyber Threat Intelligence sources and workflows to augment detection and response. Document and communicate findings with clear technical and business context, recommending long-term preventive actions. Contribute to purple team exercises, attack simulations, and post-incident reviews. Mentor junior analysts and foster a culture of curiosity, learning, and shared security ownership.