Senior Security and Detections Engineer

Cybera•Calgary, AB

37d•Hybrid

About The Position

Cybera’s Regional Security Operations Centre (rSOC) provides shared, advanced cybersecurity services to Alberta’s post-secondary and research sector, with growing national and international partnerships. We are looking for a Senior Security and Detections Engineer to help design, build, and continuously improve the detection content that underpins our SOC. This role focuses on developing high-quality detection use cases, data integrations, and analytics across SIEM, UEBA, and SOAR platforms—turning raw telemetry into actionable security outcomes. You’ll work closely with SOC analysts, technical operations, and sector partners to evolve detection strategies that are threat-informed, measurable, and aligned to the unique risk landscape of higher education and research.

Requirements

Bachelor’s degree in Computer Science, Information Security, or a related field
3+ years of experience in security engineering, detection engineering, or a related role
Strong understanding of operating systems, networks, and core security concepts
Hands-on experience with SIEM, SOAR, UEBA, and related security platforms
Proven analytical, problem-solving, and threat research skills
Strong communication skills and ability to work independently

Nice To Haves

Scripting and automation experience (Python, PowerShell, Bash, Perl) and Git
Strong knowledge of SQL and data platforms such as MongoDB or MariaDB
Experience performing investigations on a wide variety of events from various sources to determine whether they pose a threat
Detection engineering experience using regular expressions, correlation logic, enrichment, and feature extraction
Familiarity with detection-as-code approaches (e.g., YAML, Sigma, Snort IDS/IPS)
Experience integrating Threat Intelligence Platforms (TIPs) into detection workflows
Knowledge of adversary tactics and techniques (MITRE ATT&CK framework)
Knowledge of Windows internals, Active Directory, and enterprise identity environments
Exposure to cloud and container security detection
Understanding of big data, machine learning, or anomaly detection techniques (supervised or unsupervised)
CISSP, CISM, CEH, CompTIA Security+ or CySA+, and/or GIAC certifications

Responsibilities

Design, develop, and maintain detection rules and use cases across SIEM, UEBA, and SOAR
Normalize, transform, and enrich log and event data to maximize detection value
Build searches, data models, dashboards, and metrics to support alerting and SOC performance
Integrate threat intelligence, IOCs, and adversary research into detection logic
Partner with SOC analysts to identify behavioral patterns and anomalous activity
Implement and manage a structured detection lifecycle (testing, tuning, validation)
Collaborate with national and international partners on sector-specific detections
Manage detection content through version control, deployment, and continuous improvement
Support and maintain assigned rSOC security platforms

Benefits

A hybrid working environment, with flexible hours.
Highly supportive and inclusive work culture.
35 hour work weeks, except in July and August where we work 32 hour work weeks and have every Friday off.
Health & Vision benefits from day 1
Long & Short term disability benefits from day 1
Flexible Health Spending Account (after successful probation)
Annual professional development funds
Regular Lunch & Learns covering department updates to EDI topics
RRSP program (after successful probation)
Healthy snacks in the office – and sometimes unhealthy snacks
10 days per year to use for sick time or mental health breaks
The opportunity to invest in yourself and your career