Join our Talent Network

Specialist, Cyber Security Operations - Information Technology - 34135

Location: TORONTO, ON, Canada
Posting Start Date: Sep 20, 2023
Posting End Date: Ongoing


Job Description


Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.

The Specialist, Cyber Operations will be working in a fast paced and innovative environment for one of North America’s top airlines. The role is responsible for leading the technical direction of Air Canada’s cyber monitoring, detection, and response systems. Air Canada’s cyber security systems are foundational to protecting the data and systems that allow its customers to fly safely. Cyber security threats continue to evolve, and the Cyber Security Operations Specialist role will evolve with it. As a specialist you will be expected to lead the technical direction of cyber security technologies, deploy, and configure new cyber security technologies, develop standard operating procedures that will be used by members of the Cyber Security Operations Centre team, inspire and train a team of 7x24 Cyber Security Analysts on preventing/detecting/responding to security threats, and establish relationships with Air Canada service owners to protect their data and systems. 

This position will be reporting to the Manager, Cyber Operations.


  • Responsible for the security posture of Air Canada’s technology environment.
  • Responsible for security monitoring, response, and remediation activities of Air Canada’s technology environment.
  • Responsible for creating opportunities for new and previously unknown avenues for threat intelligence.

Functional Accountabilities

  • Develop and maintain a Security Incident Event Management (SIEM) system for a 7x24 team of cyber security analysts.
  • Develop and maintain detection and response technologies that continuously evolve with the changing cyber threat landscape.
  • Automate Security related tasks with a high degree of efficiency leveraging a SOAR platform.
  • Act as an escalation point for tier 1 and 2 cyber security analysts responding to cyber security incidents.
  • Create, support, and maintain all pertinent documentation, which includes but is not limited to, root cause analysis, standard operating procedures, incident response plans, applicable standards for monitoring and security tooling.
  • Perform Digital Forensics, Incident Response (DFIR) and threat hunting activities using relevant actor TTP's and IOCs.
  • Monitor compliance with information security policies and procedures.
  • Develop, manage, measure and report on key service-level metrics showcasing the effectiveness of the Cyber Security Operations program.
  • Provide expertise in the definition, selection and implementation of IT Security and Business Continuity related controls to the IT Department.
  • Develop and communicate operational security objectives; inspire, motivate and train team members to follow and achieve organizational security standards.


  • Lead business and technology analysis efforts for the Cyber Security Operations Centre.
  • Lead requirements and analysis efforts, including translating business requirements.
  • Lead use case creation efforts.
  • Lead Planning and monitoring processes for a particular functional area which may include onboarding new data sources for monitoring.
  • Define and maintain methods, techniques and calculations for identifying ways to improve security operational processes.
  • Be a senior technical resource and subject matter expert on matters related to cyber security.
  • Maintain up-to-date understanding of security threats, countermeasures and security tools.



  • A relevant University degree/technical certification, and/or relevant experience commensurate to the role.
  • 7-12 years of IT technology, operations and people leadership experience in a large company 
  • Demonstrated experience (5 years +): Incident/Major Incident, ITIL process concepts and execution (Incident Management, Problem Management, and Change Management), cyber security incident response, Enterprise SIEM technologies (i.e., Sentinel, Arcsight, Splunk, QRadar, Elastic, LogRhythm), Threat intelligence management
  • Experience with enterprise SOAR technologies (i.e., LogRhythm, Logichub, Demisto, etc.)
  • Certification in Information Security (Any advanced blue/purple team training).
  • Experience with Azure and AWS.
  • Experience and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IPS technologies, proxy technologies, WAF Technologies, mail filtering solutions, antivirus, EDR, Windows and Linux based operating systems.
  • Ability to create complex regular expressions and queries for detection and parsing purposes.
  • Scripting knowledge in Python and PowerShell .
  • This position requires a high level of availability and flexibility as shift work may be part of the requirement as this role is part of our 24/7 IT Operations.
  • Able to communicate effectively and to work collaboratively with all levels of the organization with superior verbal and written skills.
  • Superior customer service and client interfacing skills.

Behavioral Competencies

  • Ability to work effectively under pressure and in rapidly changing environments or uncertain conditions.
  • Takes responsibility for the results and actively participates in the future direction of the organization.
  • Ability to work cooperatively with others on a team, and to establish and maintain effective business relationships.
  • Ability to maintain a professional and assertive demeanor under challenging situations and possesses confidence to act on critical decisions.
  • Able to handle multiple tasks in a fast-paced environment.

Working Conditions:

  • After hours on-call support for escalations.
  • Ability to travel and work effectively with remote teams.
  • Working from home office if not located at core locations.

Conditions of Employment:

  • Candidates must be eligible to work in the country of interest, at the time any offer of employment is made and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position.

Linguistic Requirements

Based on equal qualifications, preference will be given to bilingual candidates.

Diversity and Inclusion

Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.

As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.

Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.