Corporate Security Operations Lead

About Us
Carbon60 is 100% focused on helping companies securely manage their IT infrastructure in a cloud environment. We provide both private and public (AWS and Azure) solutions to companies across Canada, the US, and internationally. We thrive in a fast-paced environment, where agility and innovation bring out the best in our people. Our solutions, caliber of talent and industry accolades prove it.

Carbon60 is seeking a Corporate Security Operations Lead to serve as the primary internal security owner for the organization. 

This role is fully dedicated to protecting Carbon60 itself, including corporate systems, internal infrastructure, and internal cloud platforms spanning traditional datacenters, AWS, and Azure. The role does not support customer workloads or deliver customer security services. 

The Corporate Security Operations Lead is responsible for security monitoring, logging coverage, vulnerability management, incident response coordination, identity and SaaS security, and security awareness, working within Shared Services alongside IT Operations and Compliance.
The role includes on‑call responsibility for security‑related escalations originating from Carbon60’s 24×7 monitoring provider (Coralogix). As Carbon60 grows, this role is expected to evolve into a people‑lead position, with security analysts reporting into it over time. 

Hybrid work environment: 1-2 days/week in Toronto office.

Your focus includes:

Security Operations and Monitoring 

Monitor and manage Carbon60’s cloud‑delivered security tooling, including: Coralogix for centralized security logging, alerting, and managed 24×7 monitoring, CrowdStrike Falcon for endpoint detection and response

Reco for SaaS security posture management 

Act as the primary internal escalation point for security alerts, including triage and investigation of alerts escalated by the Coralogix 24×7 monitoring team. 

Participate in an on‑call rotation to support security‑based escalations outside of business hours (escalation‑driven, not shift‑based SOC). 

Assess alert impact and severity, determine required response actions, and coordinate containment and remediation with IT Operations and platform teams. 

Maintain and continuously improve incident response playbooks and operational procedures. 

Produce regular operational security metrics and reporting, including incident trends, response times, tooling coverage, and posture indicators. 

Logging, Visibility and Coverage 

Ensure comprehensive security logging coverage across all systems and services used by Carbon60 employees, including: Corporate IT systems, Datacenter infrastructure, AWS and Azure environments, Identity platforms and key SaaS applications 

Validate that logs are properly onboarded, normalized, retained, and searchable within Coralogix. 

Work with IT and cloud teams to onboard new systems and close logging or visibility gaps as environments evolve. 

Identity, SaaS and Workspace Security 

Own and monitor security controls across identity and productivity platforms, including: Okta, Microsoft 365, Google Workspace 

Monitor authentication activity, privileged access, and SaaS posture using Reco and native platform tooling. 

Partner with IT to improve identity hygiene, MFA coverage, conditional access, and least‑privilege access controls. 

Support investigation and response to identity‑centric security incidents. 

Vulnerability Management and Endpoint Security 

Own the end‑to‑end vulnerability management program for Carbon60’s internal environments. 

Use Qualys and other vulnerability management tools to continuously assess all end‑user devices (laptops and workstations). 

Track vulnerabilities across internal servers, network infrastructure, and cloud resources. 

Prioritize vulnerabilities based on exploitability, exposure, and business impact. 

Coordinate remediation with IT teams, track progress against defined SLAs, manage risk exceptions, and verify remediation. 

Penetration Testing and Security Assessments 

Act as Carbon60’s internal security lead for external penetration testing and red‑team engagements focused on core internal environments. 

Penetration testing is performed by external providers; this role is not responsible for performing testing activities. 

Coordinate with third‑party red‑team and testing partners to define scope, facilitate testing, and review findings. 

Work closely with Operations, Infrastructure, Cloud, and Platform teams to translate findings into remediation plans, track remediation execution, validate closure, and document accepted risk where required. 

Incident Management and Response (Security) 

Act as the primary security lead for internal security incidents, including incidents involving: Corporate user accounts and identity platforms, Endpoints and servers, SaaS platforms, Internal cloud environments 

Coordinate with IT Operations, Compliance, HR, and leadership during internal security incidents. 

Provide security subject‑matter expertise during customer incidents only when Carbon60 employees, systems, credentials, or internal controls are involved, without owning customer incident response. 

Contribute to root‑cause analysis, post‑incident reviews, and continuous improvement of security controls. 

Compliance and Security Awareness 

Support the Compliance Administrator with security‑related compliance activities, including: SOC 2 audits (evidence gathering, control support, and validation of operational controls), completion of security questionnaires and customer security assessments,security awareness training and phishing simulations 

Assist with maintaining security policies, standards, and procedures. 

Help reinforce a strong security‑first culture across Carbon60. 

Required Experience and Skills :

4–7+ years of experience in security operations, vulnerability management, or infrastructure security 

Prior experience working in a managed services provider (MSP) environment 

Hands‑on experience with: CrowdStrike Falcon, Coralogix or similar SIEM/log analytics platforms, Reco or equivalent SaaS security tools, Qualys or comparable vulnerability management platforms 

Required experience securing and monitoring Okta, Microsoft 365, and Google Workspace 

Practical experience securing datacenters, AWS, and Azure environments 

Experience participating in on‑call rotations for security escalations 

Strong understanding of incident response, logging, and risk‑based vulnerability remediation 

Strong written and verbal communication skills for technical and non‑technical audiences 

Beneficial / Nice‑to‑Have Experience 

Identity, secrets, and access management: Akeyless, Azure Entra ID and Conditional Access 

Privileged access management tools such as CyberArk or BeyondTrust 

Other secrets management platforms such as HashiCorp Vault 

Endpoint, cloud, and platform security: Microsoft Intune, Jamf, MDM/MAM platforms, AWS Security Hub, Microsoft Defender for Cloud 

Email and SaaS security: Microsoft Defender for Office 365, Proofpoint or Abnormal Security 

Automation and frameworks: PowerShell, KQL, Python 

CIS Benchmarks, NIST CSF, SOC 2 aligned controls 

What's in it for you:

Compensation & Perks

Competitive compensation package

Retirement Savings Matching Program (RRSP)

Partnership with Perkopolis Discounts

Flexibility & Time Off

Hybrid work environment

Flexible work hours & location

Paid parental leave options

Health & Wellness

Employer-paid health & dental premiums

GreenShield+ Counselling Mental Health

$500 in Health Care Spending Account annually

Growth & Development

Career growth

Peer recognition rewards

Carbon60 is an equal opportunity employer and we welcome and encourage applications from people with all levels of ability. Accommodations are available on request for candidates taking part in all aspects of the selection process. We thank all applicants for their interest in this exciting opportunity.

Only candidates that meet the qualifications will be contacted for an interview.