Corporate Security Operations Lead

About Us
Carbon60 is 100% focused on helping companies securely manage their IT infrastructure in a cloud environment. We provide both private and public (AWS and Azure) solutions to companies across Canada, the US, and internationally. We thrive in a fast-paced environment, where agility and innovation bring out the best in our people. Our solutions, caliber of talent and industry accolades prove it.

Carbon60 is seeking a Corporate Security Operations Lead to serve as the primary internal security owner for the organization. 

This role is fully dedicated to protecting Carbon60 itself, including corporate systems, internal infrastructure, and internal cloud platforms spanning traditional datacenters, AWS, and Azure. The role does not support customer workloads or deliver customer security services. 

The Corporate Security Operations Lead is responsible for security monitoring, logging coverage, vulnerability management, incident response coordination, identity and SaaS security, and security awareness, working within Shared Services alongside IT Operations and Compliance.
The role includes on‑call responsibility for security‑related escalations originating from Carbon60's 24×7 monitoring provider (Coralogix). As Carbon60 grows, this role is expected to evolve into a people‑lead position, with security analysts reporting into it over time. 

Hybrid work environment: 1-2 days/week in Toronto office.

Your focus includes:

Security Operations and Monitoring 

• Monitor and manage Carbon60's cloud‑delivered security tooling, including: Coralogix for centralized security logging, alerting, and managed 24×7 monitoring, CrowdStrike Falcon for endpoint detection and response
• Reco for SaaS security posture management 
• Act as the primary internal escalation point for security alerts, including triage and investigation of alerts escalated by the Coralogix 24×7 monitoring team. 
• Participate in an on‑call rotation to support security‑based escalations outside of business hours (escalation‑driven, not shift‑based SOC). 
• Assess alert impact and severity, determine required response actions, and coordinate containment and remediation with IT Operations and platform teams. 
• Maintain and continuously improve incident response playbooks and operational procedures. 
• Produce regular operational security metrics and reporting, including incident trends, response times, tooling coverage, and posture indicators. 

Logging, Visibility and Coverage 

• Ensure comprehensive security logging coverage across all systems and services used by Carbon60 employees, including: Corporate IT systems, Datacenter infrastructure, AWS and Azure environments, Identity platforms and key SaaS applications 
• Validate that logs are properly onboarded, normalized, retained, and searchable within Coralogix. 
• Work with IT and cloud teams to onboard new systems and close logging or visibility gaps as environments evolve. 

Identity, SaaS and Workspace Security 

• Own and monitor security controls across identity and productivity platforms, including: Okta, Microsoft 365, Google Workspace 
• Monitor authentication activity, privileged access, and SaaS posture using Reco and native platform tooling. 
• Partner with IT to improve identity hygiene, MFA coverage, conditional access, and least‑privilege access controls. 
• Support investigation and response to identity‑centric security incidents. 

Vulnerability Management and Endpoint Security 

• Own the end‑to‑end vulnerability management program for Carbon60's internal environments. 
• Use Qualys and other vulnerability management tools to continuously assess all end‑user devices (laptops and workstations). 
• Track vulnerabilities across internal servers, network infrastructure, and cloud resources. 
• Prioritize vulnerabilities based on exploitability, exposure, and business impact. 
• Coordinate remediation with IT teams, track progress against defined SLAs, manage risk exceptions, and verify remediation. 

Penetration Testing and Security Assessments 

• Act as Carbon60's internal security lead for external penetration testing and red‑team engagements focused on core internal environments. 
• Penetration testing is performed by external providers; this role is not responsible for performing testing activities. 
• Coordinate with third‑party red‑team and testing partners to define scope, facilitate testing, and review findings. 
• Work closely with Operations, Infrastructure, Cloud, and Platform teams to translate findings into remediation plans, track remediation execution, validate closure, and document accepted risk where required. 

Incident Management and Response (Security) 

• Act as the primary security lead for internal security incidents, including incidents involving: Corporate user accounts and identity platforms, Endpoints and servers, SaaS platforms, Internal cloud environments 
• Coordinate with IT Operations, Compliance, HR, and leadership during internal security incidents. 
• Provide security subject‑matter expertise during customer incidents only when Carbon60 employees, systems, credentials, or internal controls are involved, without owning customer incident response. 
• Contribute to root‑cause analysis, post‑incident reviews, and continuous improvement of security controls. 

Compliance and Security Awareness 

• Support the Compliance Administrator with security‑related compliance activities, including: SOC 2 audits (evidence gathering, control support, and validation of operational controls), completion of security questionnaires and customer security assessments,security awareness training and phishing simulations 
• Assist with maintaining security policies, standards, and procedures. 
• Help reinforce a strong security‑first culture across Carbon60. 

Required Experience and Skills :

• 4–7+ years of experience in security operations, vulnerability management, or infrastructure security 
• Prior experience working in a managed services provider (MSP) environment 
• Hands‑on experience with: CrowdStrike Falcon, Coralogix or similar SIEM/log analytics platforms, Reco or equivalent SaaS security tools, Qualys or comparable vulnerability management platforms 
• Required experience securing and monitoring Okta, Microsoft 365, and Google Workspace 
• Practical experience securing datacenters, AWS, and Azure environments 
• Experience participating in on‑call rotations for security escalations 
• Strong understanding of incident response, logging, and risk‑based vulnerability remediation 
• Strong written and verbal communication skills for technical and non‑technical audiences 

Beneficial / Nice‑to‑Have Experience 

• Identity, secrets, and access management: Akeyless, Azure Entra ID and Conditional Access 
• Privileged access management tools such as CyberArk or BeyondTrust 
• Other secrets management platforms such as HashiCorp Vault 
• Endpoint, cloud, and platform security: Microsoft Intune, Jamf, MDM/MAM platforms, AWS Security Hub, Microsoft Defender for Cloud 
• Email and SaaS security: Microsoft Defender for Office 365, Proofpoint or Abnormal Security 
• Automation and frameworks: PowerShell, KQL, Python 
• CIS Benchmarks, NIST CSF, SOC 2 aligned controls 

What's in it for you:

Compensation & Perks

• Competitive compensation package
• Retirement Savings Matching Program (RRSP)
• Partnership with Perkopolis Discounts

Flexibility & Time Off

• Hybrid work environment
• Flexible work hours & location
• Paid parental leave options

Health & Wellness

• Employer-paid health & dental premiums
• GreenShield+ Counselling Mental Health
• $500 in Health Care Spending Account annually

Growth & Development

• Career growth
• Peer recognition rewards

Carbon60 is an equal opportunity employer and we welcome and encourage applications from people with all levels of ability. Accommodations are available on request for candidates taking part in all aspects of the selection process. We thank all applicants for their interest in this exciting opportunity.

Only candidates that meet the qualifications will be contacted for an interview.

Location

Toronto, Ontario (Hybrid)

Department

Information Systems, Technology & Cyber

Employment Type

C60 Full-Time

Minimum Experience

Manager/Supervisor

Compensation

$110K-$135K