Title: SIEM Detection Engineer
Ottawa, ON, CA, K2H 9N6
About your next Challenge as a SIEM Detection Engineer:
We are seeking an experienced Security Information and Event Management(SIEM) Detection Engineer to join our team. In this role, you will design, implement, and optimize advanced detection capabilities across open-source SIEM platforms, with a focus on Wazuh, Shuffle, and other telemetry sources. You will play a pivotal role in developing our threat detection, response, and hunting capabilities, ensuring the security posture remains resilient against evolving threats. Your expertise will directly contribute to the development of scalable, reusable detection logic and the continuous improvement of our security operations.
What will you do:
Detection Development:
- Design, implement, and optimize scalable and reusable detection use cases across open-source SIEM platforms, extending beyond vendor-built detections (e.g., Wazuh), to address both current and emerging threats.
- Develop, tune, and maintain detection rules for SIEM, EDR, and other telemetry sources, ensuring alignment with the latest threat intelligence.
- Build and maintain detection-as-code pipelines using technologies such as Wazuh, Shuffle, and ClamAV.
- Correlate threat intelligence with internal telemetry to enrich detection logic and improve accuracy.
- Create detailed runbooks for adversary emulation and control validation, leveraging open-source software technologies.
Threat Simulation & Collaboration:
- Collaborate with the Senior Cyber Specialist to simulate relevant and emergent threat actor tactics, techniques, and procedures (TTPs).
- Utilize frameworks such as MITRE ATT&CK and D3FEND to assess, track, and enhance detection coverage.
Reporting & Communication:
- Prepare clear, concise situation reports and activity summaries for customers and senior leadership.
- Develop and deliver technical walkthroughs, proof-of-concept (PoC) demonstrations, presentations, and articles to stakeholders.
Research & Development:
- Conduct research and development to innovate defensive tactics, techniques, and procedures (TTPs).
- Develop custom applications, utilities, and automation scripts to enhance detection and response capabilities.
- Advance threat hunting capabilities aligned with MITRE ATT&CK and emerging offensive TTPs.
- Contribute to the evolution of digital forensics and incident response (DFIR) tools, techniques, and methodologies
Required Skills and Experiences:
- Bachelors degree in engineering or computer science or technical college diploma
- 5–7 years of consecutive experience deploying, administering, and optimizing open-source SIEM platforms, with a focus on Wazuh, Shuffle, or similar technologies.
- Proven expertise in detection engineering, including rule development, tuning, and threat intelligence integration.
- Strong background in threat hunting, adversary emulation, and DFIR.
- Experience with MITRE ATT&CK, D3FEND, and other cybersecurity frameworks.
- Excellent communication and presentation skills, with the ability to convey complex technical concepts to diverse audiences.
- Demonstrated ability to mentor team members and contribute to a culture of continuous improvement.
Eligibility Criteria (Mandatory):
- Must be eligible for registration with the Controlled Goods Program;
- Must be eligible to obtain and maintain a government of Canada “Reliability” status and Level 2 (Secret) security clearance.
- Must be eligible to meet the requirements for U.S. International Traffic in Arms Regulations (ITAR).