Information Security Analyst

  • Montreal, QC, Canada
  • Full-time

Company Description

About the company:


Thinking Capital is the leader in the Canadian Alternative Lending space, leveraging technology to be at the forefront of the FinTech industry. Since 2006, they have helped more than 10,000 small-to-medium sized Canadian businesses reach their full potential. By combining their people and technology, Thinking Capital is transforming the way business owners get the capital they need to grow. For more information, visit 

Job Description

Your role:

You are a passionate, ambitious and talented security professional looking to join Thinking Capital Expert red team. You will play a critical role in detecting and validating security threats and vulnerabilities, while also providing consultative support for response (action plans) and other security-related projects in a fast-paced environment.


Your tasks:

  • Analyze and establish security requirements for your systems/networks;
  • Defend systems against unauthorized access, modification and/or destruction;
  • Perform vulnerability testing, risk analyses and security assessments;
  • Hunting potential internal and external threats and developing detection mechanisms and reports;
  • Handling security incidents in line with the incident response processes;
  • Oversee and monitor routine security administration;
  • Develop and update business continuity and disaster recovery protocols;
  • Train fellow employees in security awareness, protocols and procedures;
  • Research and recommend security upgrades;
  • Providing security advices and promoting security awareness to other IT teams and clients;
  • Working actively on evolving our threats detection and team efficiency by acting on noise and false positive;
  • Perform physical security assessment and recommendations to ensure the security of the enterprise;
  • Insure that the security of the SDLC is well implemented and followed;
  • Maintain ISO27001 certification.


We want to hear from you if you have the following skillset:

  • Autonomous, ability to take full ownership of a task/issue until completion/resolution;
  • Excellent communication skills, both verbal and written;
  • Strong analytical and problem-solving skills;
  • Ability to work under pressure and able to quickly adjust to multiple requests, shifting priorities, ambiguity, and rapid change;
  • 3+ years' experience in the field;
  • Must have and maintain at least one of the following certifications: CISSP, CISA, CRISC or equivalent designation;
  • Demonstrated experience working with Risk, Security or Audit frameworks (i.e., COBIT, ISO 27001/2);
  • Skills in network analysis, sandboxing, malware reversing or forensic is an asset;
  • Strong knowledge of vulnerabilities, CVE, 0day and their potential impacts;
  • Keeping aware and continually informed of the worldwide security landscape: new threats, actors, du jour attack, as well as the new security technologies and products;
  • Experience with Microsoft, Mac and Linux Operating Systems;
  • In-depth knowledge of shellcode, exploit creation, protocol analysis;
  • Capability of programming languages such as: Python, C, JavaScript, SQL;
  • Knowledge of applied encryption and key management (generation, rotation, storage, protection, etc.);
  • Experience with one or more of the following: IDS/IPS, SIEM, DLP, Nessus, Acunetic, vulnerability and patch management;
  • Strong interpersonal skills;
  • Bilingual (French and English), written and spoken.

Additional Information


Why work for Thinking Capital:

  • Great Team:
    Surround yourself with high-performing, energetic and passionate group of people dedicated to the Thinking Capital Mission;
  • FinTech Revolution:
    Be part of a team that is revolutionizing the financial system and redefining how Canadian small businesses access capital;
  • Our Stack:
    Our backend is a sophisticated service oriented architecture developed mostly in Java with a Spring framework. On the frontend side, our application is developed on an AngularJS framework. We use Git in coordination with the best DevOps practices for Continuous Integration and Deployment to our AWS cloud infrastructure.
  • Fast-Paced Environment:
    Take on complex projects in a start-up like collaborative environment;
  • Amazing Culture:
    Amazing work spaces, advanced technology tools, subsidized lunches, Foosball table, super fun work events (Amazing Race, Murder mystery wine and cheeses, Wacky Olympics, Casino nights and legendary holiday parties and more). Take a look!
  • Thinking Capital Academy:
    Get the opportunity to grow and advance in the company through continuous professional training;
  • Diverse Team:
    Join an “at-will” equal opportunity team that prides itself on it's diversity and harmony;