Information Security Operations Specialist in Toronto, Ontario at Beanfield Technologies Inc.
Job Description
About Beanfield
We don’t just build networks, we build communities. From our roots in Liberty Village to our growing footprint across Toronto, Montreal, and Vancouver, Beanfield has spent 35+ years connecting people through a robust, independently owned fibre-optic network.
With 500+ employees and an entrepreneurial mindset, we move fast, think creatively, and stay connected to the people who make Beanfield what it is. If you thrive in a collaborative, high-impact environment where your work matters, you will feel right at home.
Our Values
We Are Challengers
We lead the way. We disrupt the industry by thinking differently, moving quickly, and taking ownership. We operate with a startup mentality and believe in building and investing in our own infrastructure, and our people.
We Are United
We operate as one team. Collaboration is core to how we work, and every idea matters. We believe strong partnerships and shared ownership lead to better outcomes.
We Care
We care deeply about our employees, partners, customers, and communities. We build trust through open communication, thoughtful decisions, and a relentless focus on our brand and customer experience.
The Role
The Information Security Operations Specialist is responsible for the day-to-day detection, analysis, and containment of cyber threats across the enterprise, ensuring all security operations strictly align with business requirements, regulatory frameworks, and compliance standards. Utilizing a strong technical background in security monitoring, event correlation, and defensive architecture, you will serve as the primary hands-on expert for our detection and response tools and processes.
This role operates at an advanced operational level, ensuring the enterprise is not only resilient against evolving cyber threats through active threat hunting and rapid incident response but also continually prepared for rigorous compliance audits and risk assessments.
What You’ll Do
Incident Detection, Threat Hunting & Security Monitoring
Continuously monitor, triage, and prioritize alerts from the SIEM, EDR, IDS/IPS, and cloud security platforms.
Conduct proactive threat hunting exercises using threat intelligence feeds and log analysis to identify hidden adversaries.
Perform deep-dive analysis (packet captures, endpoint artifacts, log correlation) to investigate suspicious activity, phishing campaigns, and data exfiltration attempts.
Create and maintain architecture and process diagrams to support monitoring, detection, and response.
Incident Response, Forensics & Post-Incident Remediation
Act as the primary technical lead during security incidents, driving containment, eradication, and recovery efforts.
Conduct technical root-cause analysis and digital forensics following an incident to determine the scope of impact.
Facilitate post-incident reviews to identify visibility gaps and translate technical lessons learned into updated incident response playbooks and hardened security controls.
Security Automation, Reporting & Process Design
Develop scripts (Python, PowerShell, Bash) or SOAR playbooks to automate routine detection triaging, alert enrichment, and compliance reporting.
Define technical and operational standards to guide the delivery of security services, identifying operational risks born from process shortcomings.
Generate weekly/monthly operational and GRC metrics tracking incident response efficacy (MTTR/MTTD), patch compliance rates, and threat trends for executive leadership.
Risk-Based Vulnerability Management & Hardening
Manage the enterprise vulnerability scanning infrastructure; analyze scan results, prioritize remediation based on business risk, and coordinate patching efforts with IT infrastructure teams.
Perform continuous configuration compliance audits against industry security baselines (e.g., CIS Benchmarks).
Participate in threat modeling and risk assessment exercises to identify systemic vulnerabilities in the enterprise architecture and recommend compensatory controls.
Governance, Framework Realignment & Audit Readiness
Ensure that security monitoring, incident handling, and perimeter rules directly align with established frameworks such as CIS CSC, NIST CSF, SOC 2.
Provide technical support and evidence for external and internal auditors, gathering and validating evidence (e.g., access reviews, firewall change logs, incident records).
Draft, review, and maintain operational security policies, standards, and procedures to ensure continuous compliance and minimize organizational risk.
What You Bring
5 years of progressive, hands-on experience in a dedicated Security Operations Center (SOC), Incident Response team, or SecOps environment.
Bachelor's degree in Information Technology, Computer Science, or a related field.
Proven experience leading technical incident response efforts for complex security events (e.g., ransomware, cloud compromise, insider threats).
Strong working knowledge of enterprise security stacks, including SIEM platforms (Splunk, Sentinel), EDR solutions (CrowdStrike, Defender), and Next-Gen Firewalls used as detection points.
Demonstrated experience mapping technical controls to compliance frameworks (CIS, NIST, SOC 2) and participating directly in IT audits.
Excellent analytical and communication skills, with a proven ability to stay calm during high-pressure incidents and translate technical risks into business impact for leadership.
High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
Experience leading the design, evaluation, and implementation of new security tools and technologies.
Hands-on experience managing Fortinet security tools (FortiGate, FortiManager, FortiAnalyzer, FortiEMS)
Familiarity with compliance frameworks (NIST, CIS-CSC, SOC 2, ISO 27001)
Preferred certifications, such as CISSP, GCIA/GCIH
Additional Requirements
Availability to participate in on-call rotation for security incidents, including after-hours work during critical events.
What’s in it for you
A united, values-driven culture that genuinely cares about people, collaboration, and community.
A comprehensive total rewards package, including Traditional Spending Account (TSA) and Health Care Spending Account (HCSA) coverage to support your physical, mental, and financial well-being.
An additional five (5) personal care days, giving you extra flexibility to recharge, reset, or take care of what matters most.
At Beanfield, we’re proud to be an equal-opportunity employer.
We believe that diverse teams make stronger teams. No matter your background, experience, or life story, if you meet the requirements for this role, we want to hear from you. We are committed to creating an inclusive and accessible workplace where all qualified applicants are considered for employment, without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or any other protected status.
Beanfield provides reasonable accommodations at all stages of the recruitment and selection process. If you need support during your application or interview, please reach out to us at recruitment@beanfield.com; we are happy to help.
Please note:
Actual total compensation will be determined based on factors such as knowledge, skills, performance and experience. The salary range indicated includes a Short Term Incentive Plan (“STIP”) which represents a percentage of your Base Salary based on the achievement of individual and corporate objectives. The STIP payment is calculated based on a formula that takes into account several factors, including, without limitation, corporate and individual performance measures. The STIP payment is conditional upon meeting all of the STIP’s eligibility requirements.
Candidates must be legally eligible to work in Canada, as we are unable to sponsor employment visas. Also, all official communication regarding recruitment and hiring at Beanfield will come exclusively from email addresses ending in @beanfield.com. We urge candidates to be cautious of any unsolicited messages or offers and to remain vigilant against phishing attempts.