Senior Cybersecurity Specialist – Incident Response
Job Description
As a Senior Cybersecurity Specialist – Incident Response, you'll join a global team and play a key role in protecting Sage’s global systems, data, and customers. This is a hands‑on, senior technical role focused on advanced incident response, threat hunting, and continuous improvement rather than tier‑one alert triage. You will monitor and investigate medium to critical security events, respond to threats, conduct forensics, and proactively hunt for indicators of malicious activity across cloud and on‑premises environments. You will also develop playbooks, enhance detection rules, and refine processes that strengthen our overall cyber defence capabilities.
Location
Hybrid – 3 days per week from our Vancouver office and 2 days from home.
Work Schedule
Monday–Friday, 8 am–4 pm PST, with occasional adjusted hours (6 am–2 pm PST) when supporting UK colleagues during planned PTO. Part of a shared on‑call rotation, one weekend per month.
Minimum Qualifications
- 3–5 years of experience working in cybersecurity leading medium to critical security incident response.
- Hands‑on experience in incident response, including triage, containment, remediation, and end‑to‑end security investigations.
- Experience partnering with Product Development/Engineering, IT, Legal, Cloud Ops, and wider cybersecurity teams to lead remediation.
- Proficiency working with SIEM and EDR tools to investigate large datasets and diverse telemetry.
- Experience in threat hunting, including writing or tuning detection rules.
- Knowledge of cyber threat intelligence practices, including analyzing TTPs, using intelligence frameworks, and actioning intelligence to enhance detections and response.
- Ability to work the required hours and on‑call rotation as outlined above.
Ideal / Bonus Qualifications
- Strong digital forensics skills, including analysis, timeline reconstruction, and interpreting artefacts across Windows, macOS, Linux, and cloud environments.
- Experience in cloud incident response across Azure, AWS, or GCP, including familiarity with cloud‑native logging, identity systems, and investigation techniques.
- Knowledge of application security, including investigating application‑layer attacks, abuse cases, and SaaS‑specific threats.
- Advanced knowledge of cybersecurity and information security control best practices supported by qualifications such as CISSP, SANS, or specialised IR/forensics/threat‑hunting credentials.
Key Responsibilities
- Lead the response and management of cybersecurity incidents to ensure rapid containment, effective remediation, and secure recovery.
- Perform proactive threat hunting across endpoints, servers, cloud environments, and applications to identify malicious behaviour, emerging threats, and security gaps.
- Enhance detection rules and tuning to improve threat visibility and reduce false positives.
- Apply threat intelligence to improve detections, prioritise investigations, and strengthen incident response.
- Conduct forensics to identify root cause and reconstruct attacker activity.
- Take ownership of investigations, making informed technical decisions and driving actions through to resolution.
- Enhance processes, playbooks, and procedures to improve the quality and efficiency of event, threat, and incident handling.
- Lead cyber defence aspects of projects or key workstreams in larger initiatives.
- Mentor junior team members and support their development.
- Monitor and investigate security alerts from SIEM, EDR, NDR, cloud platforms, and other security systems.
Benefits
- 100 % paid premiums for health, dental, and vision coverage
- RRSP contribution match (100 % up to 4 %)
- 35 days paid time off (11 holidays, 16 vacation days, 3 personal days, 5 sick days)
- Work Away, an opportunity to work & play for 10 weeks in a country of your choice (from a Sage‑approved list)
- 18 weeks of paid parental leave for birth, adoption, or surrogacy offered 1 year after your start date
- 5 days paid yearly to volunteer (through Sage Foundation)
- $5,250 tuition reimbursement per calendar year starting 6 months after your hire date
- Sage Wellness Rewards Program (annual fitness reimbursement)
- Library of on‑demand career development options and ongoing training offerings
Compensation
Compensation offered will be determined by factors such as location, level, job‑related knowledge, education, and experience. For this role, in locations where a salary range is required, the target base salary range for new hires is C$125,000 to C$145,000. In addition to base salary, employees will participate in a bonus plan (20 %) based on company and individual performance.
Additional Information
Seniority level: Mid‑Senior level
Employment type: Full‑time
Job function: Engineering and Information Technology
Industries: Software Development