Lumentum Operations LLC

Senior IT Security Analyst

Lumentum Operations LLC$80K — $115K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of experience in cybersecurity operations or related fields
  • Expertise in leading complex security investigations
  • Relevant certifications such as CISSP, CISM, or equivalent are desirable
  • In-depth knowledge of security controls, risk governance, and incident response processes
  • Strong technical skills in SIEM, DLP, MFA, and vulnerability management

Responsibilities

  • Lead investigations across various security domains
  • Develop and refine operational security procedures
  • Coordinate responses to significant cyber incidents
  • Translate technical findings into actionable risk statements
  • Own and manage Data Loss Prevention and Multi-Factor Authentication controls
  • Conduct vulnerability prioritization and remediation planning
  • Provide leadership and coaching to colleagues and stakeholders

Benefits

  • Flexible time off
  • Health and wellness benefits, including mental health support
  • Tuition reimbursement and career growth assistance
  • Access to on-site facilities like a gym and games room
  • Subsidized meals and complimentary beverages
  • Employee stock options and incentive plans
  • Inclusive and collaborative work culture
Full Job Description
Position Title: Senior IT Security Analyst

Employment Type: Full-time, Existing vacancy

Location: Ottawa (On-Site)

What You'll Be Doing

The postholder provides advanced technical security analysis, leads complex investigations, improves the maturity of security controls and advises stakeholders on cyber risk. The role combines hands-on security operations with control ownership, specialist guidance, assurance and continual improvement.

Role scope and level
  • Senior technical practitioner with authority to lead complex operational security work within agreed governance.
  • Responsible for risk-based recommendations, improvement of procedures and subject-matter advice for incidents, vulnerabilities, identity controls, data protection and security tooling.
  • Expected to coach colleagues, influence technical teams and translate threat, control and risk information into clear management updates.
  • Focuses on control maturity, assurance quality, repeatable processes and measurable reduction of cyber security risk.

Key responsibilities

1. Security operations leadership
  • Lead complex security investigations across endpoint, network, identity, email, cloud and application data sources.
  • Define triage criteria, alert handling standards, escalation paths and quality checks for security operations.
  • Review high-impact alerts and incidents, ensure proportional response and remove barriers to containment and remediation.
  • Develop and improve detection logic, playbooks, dashboards and operational procedures.

2. Incident response leadership
  • Coordinate response to significant cyber security incidents in line with the incident management process.
  • Lead technical analysis for malware, phishing, credential compromise, insider risk, data exposure, privilege misuse and suspicious network activity.
  • Ensure evidence handling, incident timelines, decisions, lessons learned and remediation actions are complete and auditable.
  • Produce post-incident reviews and track corrective actions through to closure.

3. Risk, governance and assurance
  • Translate technical findings into risk statements, control weaknesses and prioritised remediation plans.
  • Support risk assessment, risk acceptance, audit and assurance activity with clear evidence and professional judgement.
  • Advise on relevant information security legislation.
  • Contribute to security standards, control testing, supplier assurance and management reporting.

4. Data Loss Prevention and Multi-Factor Authentication control ownership
  • Own or act as technical lead for Data Loss Prevention (DLP) monitoring, rule tuning, alert quality, exception handling and escalation.
  • Own or act as technical lead for Multi-Factor Authentication (MFA) control performance, exception governance, break-glass account checks, privileged access enforcement and conditional access design.
  • Analyse Data Loss Prevention (DLP) and Multi-Factor Authentication (MFA) trends to identify control gaps, user behaviour issues, data handling risks and improvement opportunities.
  • Ensure control documentation, operating procedures and evidence packs are complete, current and aligned to policy.

5. Vulnerability, threat and configuration management
  • Lead vulnerability prioritisation using exploitability, asset criticality, exposure and business impact.
  • Challenge and support remediation plans for high-risk vulnerabilities, insecure configurations and unsupported systems.
  • Develop recurring reporting on vulnerability trends, control gaps and remediation performance.
  • Use threat intelligence to improve detection, hardening and risk prioritisation.

6. Security architecture and technical assurance
  • Review proposed changes, projects and new services for security risks and control requirements.
  • Advise on secure design for identity, endpoint, network, cloud, logging, data protection and resilience controls.
  • Validate that logging, monitoring, access control, encryption, backup and recovery requirements are included in project delivery.
  • Recommend improvements to security tooling and integration, including automation where proportionate.

7. Metrics, reporting and continual improvement
  • Produce clear management information on incidents, vulnerabilities, Data Loss Prevention (DLP), Multi-Factor Authentication (MFA), control exceptions, detection coverage and remediation performance.
  • Define Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for security operations and control assurance.
  • Identify process inefficiencies, repeat incidents and control weaknesses, then lead improvement actions.
  • Maintain a forward view of emerging threats, technology changes and relevant good practice.

8. Leadership, coaching and stakeholder management
  • Coach colleagues on investigation quality, evidence standards, tooling, communication and risk-based decision-making.
  • Provide clear guidance to infrastructure, application, cloud, data protection, service desk and business teams.
  • Present security findings, risks and recommendations to technical and non-technical stakeholders.
  • Promote a constructive security culture focused on proportionate risk management and business enablement.


What We're Looking For

Education:
  • Relevant professional certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or equivalent.
  • A degree, apprenticeship or professional training in cyber security, information security, computer science or a related discipline is desirable but not essential where equivalent experience can be demonstrated.


Experience:
The ideal candidate will have:

  • Typically, five or more years in cyber security operations, incident response, security engineering, assurance, infrastructure security or a comparable environment, or equivalent demonstrable experience.
  • Experience leading complex investigations, coordinating stakeholders, improving controls and presenting risk-based recommendations.


Skills:

Essential technical skills
  • Advanced security investigation using Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), endpoint protection, identity, email, web, network and cloud data.
  • Strong Data Loss Prevention (DLP) policy design, tuning, investigation and exception management.
  • Strong Multi-Factor Authentication (MFA) implementation, exception governance, conditional access and privileged access control.
  • Vulnerability management, secure configuration assessment and remediation prioritisation.
  • Incident command, evidence handling, root cause analysis and post-incident review.
  • Security architecture assurance for identity, endpoint, network, cloud, application and data protection controls.
  • Detection engineering and automation using scripts, queries or workflow tools where appropriate.
  • Understanding of control frameworks and standards, including the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF), National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), Center for Internet Security (CIS) Critical Security Controls and International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 27001.

Essential knowledge
  • Cyber security risk governance, control design and assurance principles.
  • Advanced incident response, including evidence preservation, decision logging, containment strategy and recovery planning.
  • Threat-informed defence, including common attack tactics, techniques, procedures and defensive control mapping.
  • Identity and access control principles, including privileged access, conditional access, authentication assurance and access recertification.
  • Data handling, information classification, privacy considerations and insider risk indicators.
  • Secure architecture principles for cloud, endpoint, network, application, logging and resilience controls.

Behavioural skills
  • Sound judgement, professional integrity and commitment to confidentiality.
  • Ability to prioritise under pressure and make proportionate, risk-based recommendations.
  • Strong written and verbal communication with the ability to explain complex issues clearly.
  • Constructive leadership style that develops capability and supports collaboration across technical and business teams.
  • Commitment to continual improvement and practical security outcomes.


Measures of success
  • Complex incidents are led effectively, with clear decisions, defensible evidence and timely corrective actions.
  • Security controls are improved through tuning, process enhancement, automation and measurable risk reduction.
  • Data Loss Prevention (DLP) and Multi-Factor Authentication (MFA) control performance is visible, governed and aligned to policy.
  • High-risk vulnerabilities and configuration weaknesses are prioritised and remediated using a risk-based approach.
  • Management reporting is clear, accurate and useful for decision-making.
  • Colleagues and stakeholders receive credible guidance that improves security capability and confidence.


Perks You'll Love
  • Flexible time off
  • Health and wellness benefits (physical and mental)
  • Tuition reimbursement and career growth support
  • A workplace built for you: free gym, games room, prayer room
  • Subsidized meals, free coffee/tea
  • Employee stock options and incentive plans
  • A collaborative, innovative, and inclusive culture


Salary Range: $80,000 - $115,000 CAD (flexible).

Final compensation will be determined based on factors such as experience, skills, and qualifications. In line with our commitment to being a great place to work, Lumentum offers competitive total rewards which may include annual bonus, equity, and comprehensive health and welfare benefits.

About Lumentum Operations LLC

Lumentum is a leading provider of photonics products for optical networking and commercial laser customers worldwide. The company designs and manufactures innovative optical and photonic products enabling optical networking and commercial laser customers worldwide. Lumentum's optical components and subsystems are part of virtually every type of telecom, enterprise, and data center network. The company's commercial lasers enable advanced manufacturing techniques and diverse applications including next-generation 3D sensing capabilities. Lumentum is headquartered in Milpitas, California, and has R&D, manufacturing, and sales offices worldwide. The company was founded in 2015 as a spinoff from JDS Uniphase Corporation.
Learn more about Lumentum Operations LLC
Size
5,618 employees
Market Cap
$3.4 billion
Industry
Net Income
$189.1 million
Founded
2015
5 Year Trend
+11.3%
Revenue
$1.7 billion
NASDAQ

Similar Jobs

More Jobs at Lumentum Operations LLC

More Information Technology Jobs

Find similar Senior IT Security Analyst jobs: