Cyber Automation Lead

Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Manager

Job Description & Summary

At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data.

As a cybersecurity generalist at PwC, you will focus on providing comprehensive security solutions and experience across various domains, maintaining the protection of client systems and data. You will apply a broad understanding of cybersecurity principles and practices to address diverse security challenges effectively.

The Opportunity:  

As a Cyber Automation Lead, unlock your potential and embrace the chance to drive meaningful outcomes that’ll elevate your career. Your role will include, but isn’t limited to: 

Microsoft Sentinel and XDR Expert  

• Design and implement Microsoft Sentinel as the primary SIEM platform, including data ingestion, normalization, and retention strategies.  

• Develop advanced detection content including analytics rules, hunting queries, workbooks, and threat models.  

• Integrate and manage XDR across endpoints, identity, cloud apps, and email to provide unified threat visibility and response.  

MCP and Cloud Integration  

• Lead MCP integration by connecting Microsoft Copilot for Security with Sentinel, SOAR, and cloud services to surface AI-driven insights.  

• Operationalize AI workflows for triage, enrichment, and investigation across Azure, M365, and hybrid environments.  

• Define guardrails for AI-assisted actions and ensure explainability and auditability of automated decisions.  

Automation and Orchestration  

• Build and maintain playbooks using Logic Apps, Azure Automation, PowerShell, and Python to automate containment, enrichment, and remediation.  

• Develop SOAR workflows that reduce manual steps and accelerate incident response times.  

• Maintain runbooks and version control for all automation assets and ensure secure credential handling.  

New Automation Initiative for Patch and Configuration Control  

• Establish and lead a program for automated patch management and security configuration gap control.  

• Implement continuous compliance monitoring and automated remediation workflows tied to CIS and NIST baselines.  

• Integrate vulnerability management with Sentinel and orchestration playbooks to prioritize and remediate exposures.  

Incident Response, Playbook Testing, and Quality Assurance  

• Operate as a senior responder for escalated incidents and lead post-incident reviews.  

• Test and validate playbooks regularly through tabletop exercises and simulated incidents.  

• Enforce quality gates for detection rule promotion and automation deployment to prevent production regressions.  

Stakeholder Coordination and Reporting  

• Coordinate with security, cloud, and platform teams to align detection, telemetry, and remediation priorities.  

• Prepare executive and operational dashboards showing detection coverage, automation impact, and risk posture.  

• Document decisions, action items, and runbook changes and maintain a central repository for audits.  

Process, Documentation, and Continuous Improvement  

• Define standardized processes for content development, testing, deployment, and rollback.  

• Maintain documentation for detection logic, playbooks, integrations, and MCP usage guidelines.  

• Drive continuous improvement by measuring automation ROI and iterating on detection and response maturity.  

What You'll Bring: 

Your skills, knowledge, and experiences are what set you apart. Here's what we look for:

• 5+ years of experience in security operations, SIEM engineering, or security monitoring with hands-on responsibility for Microsoft security technologies.  

• Proven experience implementing and tuning Microsoft Sentinel detections, investigations, dashboards, and automation playbooks in enterprise environments.  

• Experience integrating Defender XDR, identity, endpoint, email, and cloud telemetry to support unified detection and response workflows.  

• Demonstrated delivery of automation initiatives using Logic Apps, PowerShell, Python, or Azure Automation to reduce manual effort and improve response speed.  

• Experience working with cross-functional teams, documenting processes, supporting audits, and reporting operational performance to technical and leadership stakeholders.  

• Strong knowledge of Microsoft Sentinel architecture, analytics rules, workbooks, KQL, data connectors, and log normalization practices.  

• Good understanding of Defender XDR, Microsoft 365 security, Entra ID, Azure security services, and hybrid cloud security operations.  

• Knowledge of SOAR design patterns, Logic Apps, Azure Automation, scripting, API integrations, and secure credential handling.  

• Familiarity with incident response lifecycle, threat detection engineering, vulnerability management, and patch/configuration control frameworks such as CIS and NIST.  

• Understanding of governance, testing, change control, documentation standards, and KPI-based service performance measurement.  

• This role requires Enhanced Security Clearance. As part of our hiring process, Security Clearance is mandatory for all personnel assigned to these roles. Prior to applying, please review the Government of Canada website to ensure you meet eligibility requirements. Obtaining this clearance will be an employment condition should you receive an offer from PwC.

• Pwc Canada is committed to cultivating an inclusive, hybrid work enviroment. Exact expectations for your team can be discussed

This newly created role reflects our commitment to growth and delivering distinctive value for our clients and stakeholders.

The salary range for this position is $112,400 - $162,400. The posted salary range represents the expected hiring range for PwC locations in major city centres. Given our national recruiting approach, ranges may vary for positions in other locations. At PwC Canada, base salary is determined by your skills, experience, qualifications and work location. In addition to base salary, eligible employees may have opportunities to participate in variable incentive pay programs which are designed to reward individual and firm-wide achievements. We are committed to offering competitive compensation and adhere to all relevant pay transparency legislation. During the hiring process, our Talent Acquisition team will provide details about our comprehensive total rewards package.

Why you’ll love PwC  

We’re inspiring and empowering our people to change the world. Powered by the latest technology, you’ll be a part of diverse teams helping public and private clients build trust and deliver sustained outcomes. This meaningful work, and our continuous development environment, will take your career to the next level. We reward your impact, and support your wellbeing, through a competitive compensation package, inclusive benefits and flexibility programs that will help you thrive in work and life. Learn more about our Application Process and Total Rewards Package at:  https://jobs-ca.pwc.com/ca/en/life-at-pwc 

PwC Canada acknowledges that we work and live across Turtle Island, on the land that is now known as Canada, which are the lands of the ancestral, treaty and unceded territories of the First Nations, Métis and Inuit Peoples. We recognize the systemic racism, colonialism and oppression that Indigenous Peoples have experienced and still go through, and we commit to allyship and solidarity.

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required:

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Analytical Thinking, Azure Data Factory, Coaching and Feedback, Communication, Creativity, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Embracing Change, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Intellectual Curiosity, Learning Agility, Managed Services, Optimism, Privacy Compliance, Professional Courage {+ 13 more}

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date

We’re committed to providing accommodation throughout the application, interview, and employment process. If you require accommodation to be at your best, please let us know during the application process.

The use of artificial intelligence (AI) in recruiting is just getting started, so we know you have questions about how and why we use it. At certain points during our recruiting process, we rely on AI to improve your experience. This could be during resume review or curating personalized job recommendations, asking you clarifying questions via a chatbot or during our interview scheduling to improve your experience. Our use of AI helps ensure we combat bias by evaluating candidates equally and fairly, without seeing identity information, such as your name, or gender for example). AI also helps us better predict successful hires by reviewing all applicants for a role and the relationship between your skills, experience and likely success at PwC Canada. While AI supports parts of our recruitment process, final hiring decisions always involve human review. For more information about our use and protection of your data, please refer to our Privacy Policy (https://www.pwc.com/ca/en/privacy-policy.html).

Nous tenons à répondre à vos besoins tout au long du processus de demande d’emploi, d’entrevue et d’embauche. Si vous avez besoin de mesures d’adaptation pour être parfaitement à l’aise, faites-le-nous savoir à l’étape de la demande d’emploi.

L’utilisation de l’intelligence artificielle (IA) dans le domaine du recrutement en est à ses balbutiements. Nous savons que vous pourriez vous demander comment et pourquoi nous y avons recours. À certains stades de notre processus de recrutement, nous comptons sur l’IA pour améliorer votre expérience. Par exemple, pendant l’examen du curriculum vitæ ou l’élaboration d’une liste de recommandations personnalisées, un agent conversationnel pourrait vous demander des précisions ou fixer avec vous un rendez-vous pour l’entrevue. L’IA nous aide à mieux lutter contre les préjugés, car l’évaluation des candidats se fait de façon juste et équitable, sans que les informations d’identification comme le nom ou le sexe soient connues. Elle nous permet également de mieux repérer les bons candidats pour un poste et d’évaluer le lien entre leurs compétences, leur expérience et leurs chances de réussir chez PwC Canada. Bien que l’IA facilite certaines étapes de notre processus de recrutement, les décisions finales d’embauche sont toujours prises par des personnes. Pour en savoir plus sur l’utilisation et la protection de vos données personnelles, consultez notre politique sur la protection des renseignements confidentiels (https://www.pwc.com/ca/fr/privacy-policy.html).