Join one of Canada's Best Workplaces

Senior Cyber Incident Responder

Nova Scotia
Information Security
Role Type
To be discussed
Closing Date
Apply now

Technology is at the heart of driving Admiral’s business.

About Admiral Tech

With a history of innovation, the Admiral Group are bringing our world-class Tech department to Canada for the first time ever.

From Cloud through to DevOps, our Technology department consists of over 600 people and is an exciting and fast-paced environment to work in. If you’re looking for a technically challenging and rewarding role, with outstanding support and opportunities for progression, you’ve come to the right place.

More on Admiral Tech 

About Admiral Canada

We’re more than you think.

One of the UK’s most recognizable insurance and financial service providers, Admiral offers insurance, loans, and various other products to over 9.1 million international customers.

In 2007, Admiral launched its Canadian office in Halifax with a small group of 20 staff. Today, we employ 500 people throughout Nova Scotia who support our UK customers with home and motor insurance policies.

We’ve been recognized as one of Canada’s Great Places to Work every year since 2010 and have also been named one of Nova Scotia’s and Atlantic Canada’s Top Employers annually since 2015. In 2022, the Great Place to Work® Institute ranked Admiral as the 4th Best Workplace in Canada.

The next chapter in the Admiral Canada’s success story is bringing Admiral Tech to Canada. This role is an exceptional opportunity to be the architect of Admiral Tech in Canada and influence its foundation.

About the Job

The Senior Incident Responder role will sit within our Cyber Defence Department. This is a hands-on technical role which also requires operational management skills.

We are looking for someone who has a strong technical background, with significant experience across all types of incident response inclusive of cloud and can demonstrate adherence to digital forensic principles and procedures.

The right candidate will be able to work alongside senior stakeholders across the business as well as our other department technical teams. When not responding to and managing incidents you will be expected to take part in threat hunting as well as driving forward the IR team with their strategic mission which will consist of constant reviews of processes and procedures, developing new playbooks, running business wide tabletop sessions (including extinction level attacks) and assessing our overall incident response maturity levels.

Being able to distil technical information to non-technical members of Admiral is vital. With the successful candidate not being afraid to question what is being presented to them, constantly searching for answers to “why” something has happened and persisting with the resolutions to stop it happening again.

Essential Experience and Skills:

  • 4+ years of experience conducting incident response management and investigations.
  • Demonstrated experience with digital forensic practices, including report writing.
  • Strong knowledge of multi-cloud incident response, including but not limited to:
    • Investigation into relevant logs such as Prisma, Sentinel, Defender, etc.
    • Cloud-native automation of containment activities.
    • Collaboration with application and infrastructure to understand cloud attack vectors and security measures required.
  • SaaS application investigations and relationship management.
  • Proficiency with Windows/Linux/Mac operating systems.
  • Experience in reverse-engineering malware samples and C2 protocols, including but not limited to:
    • Reverse engineering recently discovered malware variants and their respective C2 infrastructure and targets.
    • Research into the latest malware detection evasion techniques.
    • Creation of detection rules and/or provide detection or blocking recommendations.
  • Practical programming knowledge or experience in writing scripts in languages such as Python, PowerShell, and Bash.
  • Broad understanding of networking and common enterprise technologies.
  • A demonstrable understanding of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks.
  • To be able to demonstrate a professional, calm, and expert manner consistently while also showing leadership during stressful situations.
  • Proven experience in driving strategic goals and stakeholder management, including third-party relationships.
  • Certifications such as GCIH, GCFA, GNFA, and GDAT.

Salary, Benefits, and Work-Life Balance

We do not have a set salary for this position, as it will be dependent on the successful candidate’s experience. We are happy to see CVs from all candidates who meet the requirements and will be happy to discuss the remuneration package.

At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons we’re consistently ranked nationally as one of Canada’s (and the world’s) best workplaces. To that end, you will have an element of scheduling autonomy to strike an appropriate balance between personal flexibility and business needs.

All colleagues will receive 31 days of paid time off (including Statutory holidays) annually when you join us, and this will increase with length of service, up to a maximum of 38 days (including statutory holidays).

You can view some of our other key benefits here 

Our Commitment to You

As an equal opportunity employer, Admiral is committed to fostering a diverse and inclusive workplace free from discrimination based on race, national origin, gender, gender identity, sexual orientation, ability, age, family status or any other legally protected status. All qualified applicants will receive equal consideration for employment on that basis.

All qualified applicants will receive equal consideration for employment.