Security Associate Manager - SOC L3, Toronto
Toronto C6A, Canada
Description
We Are
Accenture Security helps organizations prepare, protect, detect, respond, and recover across the full security lifecycle. Cybersecurity challenges differ across industries and client environments, so we bring global expertise, advanced technologies, and proven delivery models to create integrated solutions tailored to each client’s needs. Whether we’re defending against known attacks, detecting and responding to emerging threats, or operating a full security operations capability, we help clients build cyber resilience so they can grow with confidence.
You Are
You’re a security professional who is energized by outsmarting adversaries and strengthening defenses. You bring hands‑on cyber operations expertise along with the ability to guide teams, manage service delivery, and communicate effectively with clients. You’re comfortable operating in a RUN environment, providing structure and oversight while ensuring high quality detection and response outcomes. You translate technical findings into clear, business‑relevant insights and thrive in fast‑paced, collaborative environments where trust, accountability, and service excellence matter.
The Work
As a SOC L3 Analyst, you will serve as the senior technical escalation point for security incidents, providing deep‑dive analysis, investigation leadership, and expert guidance through incident resolution and closure. You will work closely with SOC L1/L2 analysts, client stakeholders, and engineering teams to ensure incidents are fully understood, contained, remediated, and properly documented.
This role is hands‑on and delivery critical, with a strong focus on incident investigations, contextual analysis, and operational excellence.
Key Responsibilities
Act as the L3 escalation point for complex and high severity security incidents across Microsoft security platforms
Perform advanced investigations using Microsoft Sentinel, Defender XDR, and Defender portal workflows
Lead incident response activities across:
Microsoft Defender for Endpoint (MDE)
Microsoft Defender for Identity (MDI)
Microsoft Defender for Office 365 (MDO)
Cloud workloads and identity‑based incidents
Email Security Platforms
Correlate telemetry across SIEM, endpoint, identity, cloud, and email security to determine root cause, scope, and impact
Drive incidents through containment, eradication, remediation, and closure, validating response effectiveness
Design, tune, and optimize Sentinel analytic rules, detection logic, and alert fidelity based on threat intelligence and incident learnings
Perform log source onboarding, tuning, and normalization, ensuring high‑quality and actionable telemetry
Develop and enhance automation and response workflows using Sentinel automation rules and Logic Apps
Build and maintain investigation and response playbooks to standardize L1/L2 analyst response
Support and execute Sentinel to Defender XDR transition activities, including detection alignment and investigation process changes
Validate alert severity, escalation decisions, and response actions taken by SOC L1/L2 analysts
Provide technical mentorship and investigation guidance to junior analysts
Collaborate with detection engineering and platform teams to resolve systemic detection or data quality issues
Support use case lifecycle management, including:
Detection validation
False positive reduction
Coverage gap identification
Contribute to post incident reviews (PIRs) and continuous improvement initiatives
Ensure investigations are properly documented, auditable, and aligned with SOC processes
(Optional) Support advanced integrations and capabilities such as:
Sentinel Data Lake / log tiering
Security considerations for Microsoft Copilot and AI workloads
Required Skills & Experience
Strong hands‑on expertise with the Microsoft security ecosystem, including Sentinel and Defender suite
Demonstrated experience handling advanced incidents across endpoint, identity, email, and cloud environments
Proven ability to perform deep‑dive root cause analysis and threat hunting
Experience developing automation and SOAR workflows
Strong understanding of incident response across Microsoft Defender XDR
Experience tuning detections and log sources to improve signal‑to‑noise ratio
Ability to work effectively under pressure during P1 / high severity incidents
Experience operating in a managed services / SOC RUN environment
Strong communication skills, with the ability to translate technical findings to business stakeholders
Optional but beneficial:
Experience with Sentinel Data Lake
Exposure to Microsoft Copilot security controls
Bonus Points If You Have
Experience working with public sector or regulated environments
Exposure to SOC service transitions and operational maturity improvements
Experience with detection engineering, threat hunting, or intelligence‑driven security operations
Relevant certifications (e.g., SC-200, SC-100, CISSP, GIAC, etc.)
Experience supporting or managing client‑facing security services
Experience in operational reporting, metrics, and service governance
Compensation at Accenture varies depending on a wide array of factors, which may include but are not limited to the specific office location, role, skill set, and level of experience. As required by local law, Accenture provides a reasonable range of compensation, based on full‑time employment, for roles that may be hired as set forth below. The recruiting efforts for this position are intended to fill a brand new position. The base pay range shown below is intended as a guideline to reflect the majority of offers for this role. It does not represent a maximum limit; in some cases, actual compensation may exceed the range where appropriate. Information on benefits is here.
Role Location | Annual Salary Range
British Columbia/Ontario | $82,600 to $132,600
Highlights
Company name: Accenture
Job position: Security Associate Manager - SOC L3
Security Associate Manager - SOC L3 has been posted in the Barrie Government & Public Service category on Locanto.