SOC Content Engineer

Accenture, Ottawa, ON
Onsite

About The Position

Accenture Security helps organizations prepare, protect, detect, respond, and recover across the full security lifecycle. We combine global scale, advanced technologies, and deep industry expertise to deliver end-to-end cybersecurity solutions tailored to client needs. Our Cyber Defense practice focuses on building and operating modern Security Operations Centers (SOCs), leveraging SIEM, XDR, and advanced analytics to enable effective threat detection and response.

Requirements

  • Active Government of Canada Secret clearance (or eligibility)
  • 8+ years of experience in information/cybersecurity with a focus on SOC services and detection and response capabilities
  • Experience in SOC engineering, SIEM implementation, or detection content development
  • Hands-on experience with Elastic Security / ELK stack
  • Strong understanding of log sources and security telemetry
  • Strong understanding of data ingestion pipelines and normalization
  • Strong understanding of detection rule development and tuning
  • Experience supporting implementation and onboarding activities
  • Willingness to work on-site in Ottawa (5 days/week)

Nice To Haves

  • Experience working on SOC build / transformation programs
  • Familiarity with MITRE ATT&CK or threat modeling frameworks
  • Familiarity with SOAR platforms
  • Familiarity with EDR/XDR technologies
  • Familiarity with threat intelligence integration
  • Strong documentation and communication skills
  • Experience in consulting or managed security services environments

Responsibilities

  • Implement and configure Elastic Security SIEM, XDR, and EDR capabilities across client environments
  • Support log ingestion and data onboarding, including configuration, parsing, normalization, and validation
  • Develop, tune, and maintain detection rules and alerts
  • Develop, tune, and maintain dashboards, reports, and visualizations
  • Implement threat-based use cases aligned with client requirements and security frameworks
  • Execute assigned SIEM/SOC implementation workstreams with accountability for timelines and quality
  • Work closely with SOC architects to implement approved designs and architecture patterns
  • Support testing, validation, and deployment of SOC capabilities
  • Optimize platform performance, data quality, and detection effectiveness
  • Collaborate with SOC architects and senior leads
  • Collaborate with engineers and platform specialists
  • Collaborate with SOC analysts and incident responders
  • Support integration of telemetry across cloud platforms (e.g., Azure, AWS), on-prem systems, and hybrid environments
  • Improve detection quality through rule tuning and false positive reduction
  • Improve detection quality by enhancing coverage across threat scenarios
  • Align detection content with the MITRE ATT&CK framework or similar models
  • Contribute to runbooks, documentation, and onboarding artefacts
  • Contribute to knowledge sharing and reusable assets
