Incident Response Consultant

Insight Global is looking for an Incident Response Consultant to join a large banking client on a 6-month contract with potential extension, working hybrid in downtown Toronto (2 days/week onsite, Wednesday as a core day). The successful candidate will support the Global Security Operations Center (GSOC) and play a key role in evaluating cybersecurity tooling and onboarding initiatives tied to monitoring and response programs.
This individual will spend approximately 60% of their time reviewing security-related projects (including AI and cybersecurity tooling changes) to determine whether tools should be integrated into the organization’s monitoring ecosystem. This includes reviewing security architecture diagrams, assessing risks, and ensuring data from tools is properly routed into centralized platforms. The remaining 40% of the role will focus on log onboarding and log quality—ensuring the right telemetry is captured within SIEM and UEBA platforms, identifying gaps, and validating detection and investigation capabilities. This is a highly collaborative role involving coordination across multiple technical and business teams.

Please Note: We may use artificial intelligence tools to assist with the screening, assessment, or selection of potential applicants for this position.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

• 3–5 years of experience working in Incident Response (IR) or SOC Level 2 within medium to large enterprises
• Strong understanding of security logs, telemetry, and the detection/response lifecycle
• Hands-on experience with SIEM platforms, preferably Splunk
• Experience with log ingestion, parsing, normalization, and data quality assessment
• Ability to evaluate whether logs support detection and investigation use cases
• Experience reviewing security architecture diagrams and understanding data flows
• Ability to define logging requirements and identify gaps during project reviews
• Strong stakeholder management skills with the ability to lead technical discussions across teams
• Ability to translate security requirements into clear, actionable guidance
• High level of persistence, ownership, and ability to manage multiple concurrent initiatives

• Familiarity with cloud logging ecosystems (AWS, Azure, SaaS platforms)
• Understanding of distributed systems logging (e.g., correlation IDs, tracing)
• Experience with UEBA platforms such as Exabeam
• Strong documentation and requirements-writing skills
• Experience designing logging standards or observability strategies
• Experience with security reviews or governance processes
• Familiarity with workflow/intake tools (ServiceNow, Jira)
• Knowledge of MITRE ATT&CK and threat-based detection design
• Experience writing detections using tools such as Splunk, Sigma, KQL, or Logscale
• Ability to simplify complex technical concepts for non-technical stakeholders

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.