
Senior Logging & Detection Engineer
Clio - Cloud-Based Legal Technology
Full-time
Location Type: Hybrid
Location: Vancouver • Canada
Salary
💰 CA$149,600 - CA$202,400 per year
About the role
- Lead the design and implementation of sophisticated, production-ready detection rules and queries across the ELK stack, security data lakes, and multi-cloud logging platforms.
- Architect and optimize complex search queries, aggregations, and analytics dashboards for high-velocity security monitoring, focusing on performance and cost efficiency.
- Design and build automated detection and response workflows (SOAR), ensuring seamless and reliable integration with critical incident response systems.
- Serve as the primary liaison with the threat intelligence team, developing and owning the framework to translate intelligence into scalable, actionable detection capabilities (e.g., MITRE ATT&CK coverage).
- Establish and maintain a robust detection-rule library and set of query templates, and lead the creation of security analytics playbooks for the wider team.
- Drive performance optimization and resource utilization strategies across petabyte-scale log datasets, including index design and data tiering.
- Develop and standardize custom visualizations, dashboards, and executive reporting capabilities for security stakeholders.
- Lead complex threat hunting operations, mentor junior team members on investigative techniques, and proactively refine detection logic to keep false-positive rates as low as possible without sacrificing coverage.
- Collaborate closely with the platform team to define the logging architecture roadmap based on future detection requirements and security observability goals.
- Proactively research emerging threats and attack patterns, translating novel techniques into strategic, forward-looking detection logic and advising security leadership.
Requirements
- Senior-level expertise building and scaling enterprise-grade detection capabilities and security monitoring systems.
- Expert-level query language proficiency in at least two of the following: Elasticsearch/Lucene, SQL, KQL (Kusto), or SPL (Splunk), demonstrating advanced optimization techniques.
- Extensive Detection Engineering experience owning the full lifecycle of rules, alerts, and automated response workflows within a SIEM/SOAR environment.
- Advanced log analysis skills across diverse, large-scale data sources, including multi-cloud logs (AWS, Azure, GCP), network flows, and advanced security tool outputs.
- Deep dashboard and visualization expertise with tools like Kibana, Grafana, or Tableau, specifically for security metrics and executive reporting.
- Proven expertise in leading threat hunting efforts using log data to proactively identify and track sophisticated threats and anomalous behavior across the environment.
- Senior-level scripting and automation abilities (Python/Go/PowerShell), used to build custom tools, manage APIs, and drive detection automation at scale.
- Architectural experience integrating and optimizing SIEM platforms, SOAR tools, and security orchestration systems.
- Expert performance optimization skills covering query tuning, index design, data partitioning, and overall resource-efficient analytics on big data.
- Significant incident response experience providing expert-level technical analysis and forensic support during major security incidents.
- A demonstrated interest in improving your craft by using AI tools.
Benefits
- Competitive, equitable salary with top-tier health benefits, dental, and vision insurance
- Hybrid work environment; local Clions (Vancouver, Calgary, Toronto, Dublin, London, New York City and Sydney) are expected to be in the office at least twice per week.
- Flexible time off policy, with an encouraged 20 days off per year.
- $2000 annual counseling benefit
- RRSP matching and RESP contribution
- Clioversary recognition program with special acknowledgement at 3, 5, 7, and 10 years
Applicant Tracking System Keywords
Hard Skills & Tools
Elasticsearch, SQL, KQL, SPL, Detection Engineering, log analysis, scripting, automation, performance optimization, incident response
Soft Skills
leadership, mentoring, collaboration, communication, proactive research