SIEM Detection Engineer

L3Harris


Job Location: Ottawa - Canada

Monthly Salary: Not Disclosed
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

About your next Challenge as a SIEM Detection Engineer:

We are seeking an experienced Security Information and Event Management (SIEM) Detection Engineer to join our team. In this role you will design, implement and optimize advanced detection capabilities across open-source SIEM platforms, with a focus on Wazuh, Shuffle and other telemetry sources. You will play a pivotal role in developing our threat detection, response and hunting capabilities, ensuring the security posture remains resilient against evolving threats. Your expertise will directly contribute to the development of scalable, reusable detection logic and the continuous improvement of our security operations.

What will you do:

Detection Development:

  • Design, implement and optimize scalable and reusable detection use cases across open-source SIEM platforms, extending beyond vendor-built detections (e.g. Wazuh) to address both current and emerging threats.
  • Develop, tune and maintain detection rules for SIEM, EDR and other telemetry sources, ensuring alignment with the latest threat intelligence.
  • Build and maintain detection-as-code pipelines using technologies such as Wazuh, Shuffle and ClamAV.
  • Correlate threat intelligence with internal telemetry to enrich detection logic and improve accuracy.
  • Create detailed runbooks for adversary emulation and control validation, leveraging open-source software technologies.


Threat Simulation & Collaboration:

  • Collaborate with the Senior Cyber Specialist to simulate relevant and emergent threat actor tactics, techniques and procedures (TTPs).
  • Utilize frameworks such as MITRE ATT&CK and D3FEND to assess, track and enhance detection coverage.


Reporting & Communication:

  • Prepare clear, concise situation reports and activity summaries for customers and senior leadership.
  • Develop and deliver technical walkthroughs, proof-of-concept (PoC) demonstrations, presentations and articles to stakeholders.


Research & Development:

  • Conduct research and development to innovate defensive tactics, techniques and procedures (TTPs).
  • Develop custom applications, utilities and automation scripts to enhance detection and response capabilities.
  • Advance threat hunting capabilities aligned with MITRE ATT&CK and emerging offensive TTPs.
  • Contribute to the evolution of digital forensics and incident response (DFIR) tools, techniques and methodologies.

Required Skills and Experiences:

  • Bachelor's degree in engineering or computer science, or technical college diploma.
  • 5-7 years of consecutive experience deploying, administering and optimizing open-source SIEM platforms, with a focus on Wazuh, Shuffle or similar technologies.
  • Proven expertise in detection engineering, including rule development, tuning and threat intelligence integration.
  • Strong background in threat hunting, adversary emulation and DFIR.
  • Experience with MITRE ATT&CK, D3FEND and other cybersecurity frameworks.
  • Excellent communication and presentation skills, with the ability to convey complex technical concepts to diverse audiences.
  • Demonstrated ability to mentor team members and contribute to a culture of continuous improvement.

Eligibility Criteria (Mandatory):

  • Must be eligible for registration with the Controlled Goods Program.
  • Must be eligible to obtain and maintain a Government of Canada Reliability status and Level 2 (Secret) security clearance.
  • Must be eligible to meet the requirements for U.S. International Traffic in Arms Regulations (ITAR).

About Company

At L3Harris, we anticipate and mitigate risk with agile end-to-end solutions that meet our customers' mission-critical needs across all domains.