19 Cybersecurity Analysts jobs in Montréal

Job Description

GoSecure is recognized as a leader and innovator in cybersecurity solutions. The company is the first and only to integrate an Endpoint and Network threat detection platform, Managed Detection and Response services, and Cloud/SaaS delivery. Together, these capabilities provide the most effective response to the increased sophistication of continuously evolving malware and malicious insiders that target people, processes and systems. With focus on innovation quality, integrity, and respect, GoSecure has become the trusted provider of cybersecurity products and services to organizations of all sizes, across all industries globally. To learn more, please visit:

GoSecure offers a creative and challenging work environment, a competitive benefit package, and a great atmosphere to foster career growth. Come put your career on the leading-edge and bring your talents to a much sought-after high growth opportunity in technology- GoSecure!

GoSecure is an Equal Opportunity Employer committed to hiring a diverse work team (EEO/AA).

Summary

The VMaaS Analyst is responsible for supporting the delivery and operation of Vulnerability Management as a Service. This includes identifying, analyzing, prioritizing, and reporting vulnerabilities across client environments or internal systems. The analyst ensures timely remediation and maintains compliance with relevant security frameworks. This role is critical in reducing risk exposure and enhancing the organization’s overall security posture.

Duties and responsibilities

• Operate and maintain vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7, etc.)
• Perform regular vulnerability assessments across on-premise and cloud environments.
• Analyze scan results to identify false positives and prioritize true findings based on risk.
• Develop and deliver vulnerability reports and dashboards tailored to technical and non-technical audiences.
• Collaborate with system owners, IT teams, and application developers to track remediation efforts and provide guidance on fixes.
• Monitor threat intelligence and CVE feeds to stay current on emerging vulnerabilities.
• Support the tuning of scanning tools to improve detection accuracy and performance.
• Ensure service-level agreements (SLAs) for vulnerability management are met.
• Maintain documentation for processes, playbooks, and customer engagement models.
• Assist in audits and compliance efforts (e.g., PCI-DSS, ISO 27001, NIST CSF).
• Participate in incident response efforts related to newly disclosed or exploited vulnerabilities.
• Contribute to continuous improvement of the VMaaS offering.

Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field; or equivalent work experience.
• 2+ years of experience in vulnerability management or cybersecurity operations.
• Hands-on experience with one or more vulnerability management tools (e.g., Tenable.io, Qualys, Rapid7 InsightVM).
• Solid understanding of network protocols, operating systems, and web applications.
• Familiarity with CVSS, NIST NVD, MITRE ATT&CK, and vulnerability scoring.
• Strong analytical, organizational, and problem-solving skills.
• Ability to interpret technical findings and communicate risks effectively.
• Bilingual: English and French in order to respond effectively to our customers and colleagues outside of QC.

Preferred:

• Experience with cloud platforms (AWS, Azure, GCP) and their security services.
• Knowledge of patch management and secure configuration practices.
• Certifications such as CompTIA Security+, CEH, OSCP, or GIAC GSEC/GCIH.
• Familiarity with ticketing systems (e.g., ServiceNow, Jira) and SIEM tools (e.g., Splunk).

Why come to GoSecure?

3 weeks vacation, 5 personal days

14 paid statutory Holidays

Collective insurance: health, vision, dental, disability, life, travel

Employee Assistance Program (Dialogue)

RSP and employer matching contribution

Peers recognition program and other bonuses given along the year

Company stock options

GoSecurian perks

Young and dynamic team always looking to be better

and much more!

Job Description

Summary

An intrusion tester is part of the security testing team and performs various types of security tests for clients. Tests may include wireless assessment, web application test, internal network assessment, external network assessment, phishing exercises, red team assessment, physical security assessment, code review, mobile application assessment, embedded device assessment and other types of security tests.

Duties and responsibilities

• Perform security test, in accordance to our methodology
• Report the technical findings in a report. Tester may have to present the report to clients with varying level of technical knowledge. A good capacity to explain business impact as well as technical issues is a plus.
• Act as an advisor to the client
• Answers clients’ inquiries via phone or email in a professional and timely manner;
• Stay up-to-date on information technology trends, security standards and IT security news.
• Other duties as required.

Qualifications

• 3 years of relevant experience.
• Bachelor’s degree in related field and/or equivalent education/experience.
• Knowledge of common pentesting methodologies (PTES, OSTMM), vulnerability scoring framework (CVSS, DREAD) and OWASP Top 10
• OSCP is considered an asset
• Should be eligible for Secret Clearance and not have any criminal records.
• Excellent written and verbal communication skills
• Energetic and positive attitude
• Exceptional ability to multitask and meet deadline
• Bilingual (English/French) is a big plus

Job Description

Summary

The VMaaS Analyst is responsible for supporting the delivery and operation of Vulnerability Management as a Service. This includes identifying, analyzing, prioritizing, and reporting vulnerabilities across client environments or internal systems. The analyst ensures timely remediation and maintains compliance with relevant security frameworks. This role is critical in reducing risk exposure and enhancing the organization’s overall security posture.

Duties and responsibilities

• Operate and maintain vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7, etc.)
• Perform regular vulnerability assessments across on-premise and cloud environments.
• Analyze scan results to identify false positives and prioritize true findings based on risk.
• Develop and deliver vulnerability reports and dashboards tailored to technical and non-technical audiences.
• Collaborate with system owners, IT teams, and application developers to track remediation efforts and provide guidance on fixes.
• Monitor threat intelligence and CVE feeds to stay current on emerging vulnerabilities.
• Support the tuning of scanning tools to improve detection accuracy and performance.
• Ensure service-level agreements (SLAs) for vulnerability management are met.
• Maintain documentation for processes, playbooks, and customer engagement models.
• Assist in audits and compliance efforts (e.g., PCI-DSS, ISO 27001, NIST CSF).
• Participate in incident response efforts related to newly disclosed or exploited vulnerabilities.
• Contribute to continuous improvement of the VMaaS offering.

Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field; or equivalent work experience.
• 2+ years of experience in vulnerability management or cybersecurity operations.
• Hands-on experience with one or more vulnerability management tools (e.g., Tenable.io, Qualys, Rapid7 InsightVM).
• Solid understanding of network protocols, operating systems, and web applications.
• Familiarity with CVSS, NIST NVD, MITRE ATT&CK, and vulnerability scoring.
• Strong analytical, organizational, and problem-solving skills.
• Ability to interpret technical findings and communicate risks effectively.
• Bilingual: English and French in order to respond effectively to our customers and colleagues outside of QC.

Preferred:

• Experience with cloud platforms (AWS, Azure, GCP) and their security services.
• Knowledge of patch management and secure configuration practices.
• Certifications such as CompTIA Security+, CEH, OSCP, or GIAC GSEC/GCIH.
• Familiarity with ticketing systems (e.g., ServiceNow, Jira) and SIEM tools (e.g., Splunk).

Why come to GoSecure?

3 weeks vacation, 5 personal days

14 paid statutory Holidays

Collective insurance: health, vision, dental, disability, life, travel

Employee Assistance Program (Dialogue)

RSP and employer matching contribution

Peers recognition program and other bonuses given along the year

Company stock options

GoSecurian perks

Young and dynamic team always looking to be better

and much more!

Job Description

Shape the future of GRC engineering at Coveo

As a Senior Security Analyst on our GRC team, you'll play a pivotal role in reducing risk across the company, with a strong focus on the Coveo Platform, our AI-powered B2B solution. This is your opportunity to transform how security, risk, and compliance are embedded into our cloud-based infrastructure.

Your mission? Bridge the gap between governance and engineering with practical, impactful insights and solutions.

The Coveo Platform is trusted by global enterprises to deliver personalized search and AI powered recommendations at scale. As part of the Security team, you'll play a key role in safeguarding this powerful platform by designing innovative ways to automate compliance and integrate security best practices into our engineering processes.

If you're passionate about transforming GRC processes into streamlined, developer-friendly solutions, this is your chance to make a real impact!

• Automating compliance workflows to streamline GRC operations.
• Enhancing reporting and data visualization to provide stakeholders with clear, actionable insights.
• Expanding our GRC platform to integrate data from our security tools.
• Advocating for security best practices and demonstrating how GRC efforts drive business value.
• Collaborating with engineering teams to interpret security requirements and embed them into systems or products.
• Developing tools that seamlessly integrate GRC controls into engineering workflows.

• 5 years + of relevant security experience with 1-2 years of specific GRC experience in a SaaS technology company .
• Experience with cloud infrastructure (AWS preferred) and governance frameworks (SOC2, HIPAA, ISO27001), with the ability to create clear, data-driven insights using visualization tools like PowerBI or Sigma.
• Strong problem-solving and communication skills, with the ability to work in ambiguity, drive solutions, and explain complex security concepts clearly to both technical and non-technical audiences.

• You believe in the importance of in-person interactions and are excited to work in a flexible hybrid work environment, 2 days a week, in our Montreal or Quebec City offices.
• You are bilingual (English/French) and can support stakeholders across the organization's international offices.
• You have experience with Terraform, Kubernetes, or other infrastructure-as-code tools.

Do you think you can bring this role to life?
You don't need to check every single box; passion goes a long way and we appreciate that skillsets are transferable.

Send us your application, we want to get to know you! Join the Coveolife !

We encourage all qualified candidates to apply regardless of, for example, age, gender, disability, gaps in CV, national or ethnic background. We know that applying for a new role is a lot of work and we really appreciate your time.

#li-hybrid

Network Security Analyst - Palo Alto, MS AVS Cloud Migration

Competencies: Digital : Network Security Palo Alto, CNS_Network Security_Cisco Experience (Years): 6-8

Keywords: Palo Alto, Vmware

Role Description: Migration of On-Prem datacenter to Microsoft AVS Cloud. Coordination with clients Technical team Essential Skills:

1) skill and experience of migration of Palo Alto physical firewall configuration, routing configuration and other policy to virtual palo Alto firewall.

2) experience of migration of site to site VPN links from one dc to AVS cloud.

3) NSX T configuration skills including bgp routing in Azure.

4) overall VMware and Azure AVS migration skill is a plus.

5) IP design planning and deployment is a must skills.

6) IP whitelist, redesign of public IP, load balancer experience, SsL certificate migration are must Experience of Azure AVS technology.

Desirable Skills: Experience of Azure AVS technology.

Job Description

Security Business Analyst - Remote Contract

The Security Business Analyst is responsible for gathering, analyzing, and documenting business requirements for cyber security solutions. The ideal candidate will have a strong understanding of security concepts and technologies, as well as the ability to work effectively with both technical and business stakeholders.

Responsibilities:

• Gather and analyze business requirements for cyber security solutions
• Develop and maintain security requirements specifications
• Work with technical stakeholders to design and implement security solutions
• Test and validate security solutions
• Provide training and support to users on security solutions
• Facilitate workshops and presentations to clients and stakeholders
• Identify and evaluate critical success parameters, factors, and performance measurements

Qualifications:

• Bachelor's degree in computer science, information technology, or a related field
• 5+ years of experience in security engineering or a related field
• Strong understanding of security concepts and technologies
• Excellent communication and interpersonal skills
• Ability to work independently and as part of a team
• Experience in Cyber technology end-to-end implementation projects
• Extensive experience with and knowledge of Identity Governance and Administration (IGA) and Privileged Account Management (PAM)
• Familiarity with cloud based IAM solutions such as Azure Ad, AWS IAM, or GCP IAM is an asset
• International Institute of Business Analysis (IIBA), Certified Business Analysis Professional (CBAP) designation or PMI-BA is an asset
• Knowledge of Federal and Provincial government and healthcare environments is an asset
• Strong understanding of FIPPA, HIPPA etc