Incident Response Lead

CGI

$105K — $155K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Minimum 7 years of experience in cybersecurity or related role.
  • Demonstrated leadership in complex cyber incident response engagements.
  • Strong grasp of incident response frameworks and lifecycle management.
  • In-depth knowledge of threat actor tactics, techniques, and procedures (TTPs), including the MITRE ATT&CK framework.
  • Advanced understanding of enterprise security and cloud technologies, including Azure and Microsoft 365.

Responsibilities

  • Lead technical response and coordinate incident containment, eradication, and recovery activities.
  • Conduct investigations on endpoints, networks, and cloud environments to assess incident impact.
  • Oversee digital forensic investigations ensuring proper evidence handling.
  • Develop and enhance incident response plans and operational standards.
  • Analyze malware using both static and dynamic techniques.
  • Collaborate cross-functionally to enhance detection capabilities and operational readiness.
  • Produce comprehensive technical reports and conduct post-incident analysis.

Benefits

  • Access to career development resources and training programs.
  • Opportunities for mentorship and professional growth within the organization.
  • Flexible work arrangements with options for remote work from various Canadian locations.
  • Participation in a 24/7 on-call rotation for high-priority incidents.
Full Job Description
Incident Response Lead

Category: Cyber Security

Main location: Canada, Ontario, Toronto

Alternate Location(s): Canada, Alberta, Calgary
Canada, Alberta, Edmonton
Canada, British Columbia, Vancouver
Canada, Ontario, Ottawa
Canada, Quebec, Montreal

Position ID:J0626-2564

Employment Type: Full Time

Position Description:

This role can be located in any CGI office in Canada.

The Incident Response Lead is part of CGI's Global Security Operations Center (GSOC), which provides 24/7 security monitoring, threat detection, and incident response capabilities across the organisation.

As a senior member of GSOC, the Incident Response Lead is responsible for leading the technical response to complex cybersecurity incidents, coordinating investigations, and driving containment, eradication, and recovery activities. Acting as the technical authority during major incidents, the role provides Incident leadership in GSOC while ensuring investigations are conducted using industry best practices and forensically sound methodologies.

The Incident Response Lead works closely with Security Monitoring, Detection Engineering, Threat Intelligence, Security Engineering, IT Operations, and business stakeholders to minimise organisational risk, improve incident response capabilities, and strengthen CGI's overall cyber resilience.

This role requires extensive experience in cyber incident response, digital forensics, threat actor tactics, techniques and procedures (TTPs), malware analysis, enterprise infrastructure, and cloud technologies. The successful candidate will combine deep technical expertise with strong leadership, communication, and decision making skills to manage high impact incidents in a fast paced global environment.

Your future duties and responsibilities:

Key Responsibilities

. Lead the technical response to cybersecurity incidents, coordinating containment, eradication, recovery, and post incident activities.
. Conduct advanced investigations across endpoints, networks, cloud environments, identity platforms, and enterprise applications to determine root cause, attack scope, and business impact.
. Perform and oversee digital forensic investigations using industry standard and forensically sound methodologies, maintaining appropriate evidence handling and chain of custody.
. Develop and continuously improve incident response plans, playbooks, procedures, and operational standards.
. Conduct malware analysis, including static and dynamic analysis, and perform basic reverse engineering where required.
. Collaborate with Threat Intelligence, Detection Engineering, Security Monitoring, and Security Engineering teams to improve detection capabilities and operational readiness.
. Provide technical guidance and mentorship across GSOC, supporting junior partners professional development.
. Produce high quality technical reports, executive summaries, and lessons learned following security incidents.
. Identify opportunities to automate investigation workflows and improve the efficiency of incident response operations.
. Participate in an on call rotation providing 24/7 incident response support for high priority cybersecurity incidents.

Required qualifications to be successful in this role:

The candidate should have expertise and strong experience including:

. Minimum of 7 years' experience in working in a similar cybersecurity role or associated discipline.
. Demonstrable experience leading complex cyber incident response engagements within enterprise environments.
. Strong knowledge of incident response frameworks, methodologies, and lifecycle management.
. Extensive understanding of threat actor tactics, techniques and procedures (TTPs) and the MITRE ATT&CK framework. . Advanced knowledge of Windows, Linux, Active Directory, Microsoft 365, Azure, networking, and enterprise security architecture.
. Experience conducting host, network, cloud, and identity investigations.
. Experience using enterprise security technologies, including SIEM, EDR/XDR, NDR, and forensic investigation tools.
. Experience performing digital forensic investigations and evidence preservation using forensically sound practices.
. Experience analysing malware using static and dynamic analysis techniques.
. Strong understanding of common attack techniques, persistence mechanisms, privilege escalation, lateral movement, and data exfiltration.
. Ability to lead technical teams during high pressure incidents while making effective risk based decisions.
. Excellent communication skills with the ability to explain complex technical concepts to both technical and executive audiences. . Knowledge of insider threat investigations and user behaviour analytics.
. Experience collaborating with legal, privacy, HR, or regulatory bodies during cyber investigations.
. Experience with cloud security investigations across Microsoft Azure, Microsoft 365, AWS, or Google Cloud Platform.

Qualifications & Certifications

. Bachelor's degree in Cyber Security, Computer Science, Information Technology, or a related discipline, or equivalent practical experience.
. Relevant industry certifications are desirable, including one or more of:
. GIAC Certified Incident Handler (GCIH)
. GIAC Certified Forensic Analyst (GCFA)
. GIAC Reverse Engineering Malware (GREM) . GCFE or GCIA . CISSP . CISM

CGI is providing a reasonable estimate of the pay range for this role. The determination of this range includes factors such as skill set level, geographic market, experience and training, and licenses and certifications. Compensation decisions depend on the facts and circumstances of each case. A reasonable estimate of the current range is $105,000-$155,000 This role is an existing vacancy.

#LI-AB19

Skills:
  • Cloud Security Audit
  • Collaboration
  • Cybersec. Incident Remediation
  • English
  • Incident Management
  • Leadership
  • Linux
  • Threat Risk Assessment


Similar Jobs

More Jobs at CGI

More Information Technology Jobs

Find similar Incident Response Lead jobs: