Threat Intelligence Analyst

McCormick & Company, Inc., a world leader in the spice, flavor and seasonings industry, is seeking a full time Threat Intelligence Analyst. This is position will be located in London, ON. This position will report to the Director, Cyber Security Threat Intelligence and Incident Response

With more than $5 billion in annual sales, the Company manufactures markets and distributes spices, seasoning mixes, condiments and other flavorful products to the entire food industry – retail outlets, food manufacturers and foodservice businesses.  We create differentiating flavors consumers prefer with unmatched quality, science, innovation and service.  Every day, no matter where or what you eat, you can enjoy food flavored by McCormick.  McCormick brings passion to flavor™!


As a company recognized for exceptional commitment to employees, McCormick offers a wide variety of benefits, programs and services.  Benefits include, but are not limited to, tuition assistance, medical, dental, vision, disability, group life insurance, profit sharing, paid holidays and vacations.

Position Overview/Primary Purpose:

The Threat Intelligence Analyst – This role works with the team that defines the strategic vision, roadmap, principals and standards for McCormick’s Threat Intelligence and incident response capabilities.  The scope of this role includes providing expertise and understanding of the threat landscape working with different teams to mitigate risk and understand the threats that might impact our business.  Provide expert knowledge of Threat Intelligence process and technologies including VM, SIEM, SOC, threat hunting, Incident response, and cloud security. In this role you will track, analyze, and respond to incoming threats and respond to incidents. You will be involved in the evolution of our threat intelligence program as we build new capabilities and enhance current one’s for cloud security. Central to this is building the technology, processes and capabilities identify threats across the infrastructure both on premise and in the cloud.  To accomplish this, you will work closely with our internal security teams, managed service providers and other partners to help develop threat intelligence program that is resilient and supportable.

This position will provide the opportunity to assist in monitoring and protecting McCormick cloud applications and infrastructure, local infrastructure, and physical locations against intrusion, hacking attempts, viruses, malware, and vulnerabilities. You would play a key role in assisting the Security teams in implementing various security initiatives.  This role will be an integral part of our Security Operations Centre (SOC) aligned with our threat intelligence and incident response teams.


This position will also be responsible for working with other Security team members to respond to incidents, participate in security investigations and forensics, and lead, consult, and participate in IT projects and initiatives.

This role reports to the Director of Cyber Security Threat Intelligence and Incident Response



  • Assist with the development and maintenance of our security roadmap. Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines and procedures) under the direction of the IT Security Leadership, where appropriate.


  • Assist with the identification of the tools, processes and controls required to effectively secure the McCormick enterprise ensuring the confidentiality, integrity and availability of the Company’s information assets. Work with security team to deploy and operate the threat intelligence tools and processes
  • Assist with a variety of security applications and services such as Vulnerability management, SIEM, Firewalls, IDS/IPS, Content Filtering, Anti-Malware, Anti-Virus, Forensic and Data Loss / Leakage tools. The escalation of threats and incidents to management and the development of recommendations based on incident findings
  • Threat hunting, forensics, and incident response is included in daily responsibilities.
  • Monitor and analyze traffic and events/alerts and advise on remediation actions
  • Review and assess impact and remediation actions for incidents escalated by Tier 1
  • Investigate intrusion attempts and perform in-depth analysis of exploits by correlating various sources and determining which system or data set is affected.
  • Follow standard operating procedures for detecting, classifying, and reporting incidents
  • Demonstrate network expertise to support timely and effective decision making of when to declare an incident
  • Conduct proactive threat research
  • Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident
  • Independently follow procedures to identify, contain, analyze, document and eradicate malicious activity
  • Document all activities during an incident and provide leadership with status updates during the life cycle of the incident
  • Escalate information regarding intrusion events, security incidents, and other threat indications and warning information to the client
  • Track trends and configure systems as required to reduce false positives from true events.
  • Assist with the development of processes and procedures to improve incident response times, analysis of incident, and overall SOC functions
  • Provide written analysis for monthly reports on an as-needed basis


Required Qualifications:

  • Bachelor’s degree in Information Technology or in a relevant field.
  • 5 years experience working in a SOC environment, incident response, threat hunting, vulnerability management and SIEM.
  • 3 years experience working in a 24x7 global enterprise environment.
  • Understanding of Security principles, techniques and technologies such as SANS Top 20 Critical Security Controls, NIST Cybersecurity Framework, CIS Controls and OWASP Top 10.
  • Understanding of incident handling and forensics, Risk Assessment & Quantification methodologies, and familiarity with automated security monitoring systems and log correlation. Microsoft Windows and Unix Operating Systems basics
  • Proven experience in IT systems design and development of security tools and platforms such as Azure, Rapid 7, QRadar, Sentinel, Microsoft AD/Azure AD, and 365. Experience working with offensive security tools and processes.
  • Possess an enterprise-wide view of security operations with varying degrees of appreciation for strategy, processes and capabilities, enabling technologies, and governance.
  • Understand complex architecture concepts across multiple technologies within systems in a hybrid cloud architecture
  • Experience working in a team-oriented, collaborative environment.
  • Exceptional communication skills and the ability to communicate appropriately at all levels of the organization; this includes written and verbal communications as well as visualizations.
  • Positive approach to customer service with demonstrated ability to handle high pressure support needs in a calm, respectful, and efficient manner.
  • Ability to maintain confidential and personal information


Preferred Qualifications:

A combination of the following 

  • CCSK – Certificate of Cloud Security Knowledge
  • AWS Certified Solutions Architect – Associate (T59B3N3CL141QH51)
  • CEH – EC | Council Certified Ethical Hacker (ECC3072461958)
  • ITIL Foundation v4 (GR671013561MO)
  • ITIL Intermediate – IT Service Operation (GR754062762MO)
  • CCNA – Cisco Certified Network Associate (CSCO12222391)
  • CISC – Certified Information Security Consultant
  • CPFA – Certified Professional Forensics Analyst
  • RHCE – Red Hat Certified Engineer
  • Microsoft Certified: Azure Security Engineer Associate