Senior Security Operations Engineer

Worker Sub-Type:

 Job Description: 

SUMMARY:

BlackBerry is seeking a dynamic Senior Security Operations Engineer who thrives in an environment that demands constant adaptation and improvement. This role requires someone who can seamlessly pivot between operational response and engineering improvements - investigating complex security alerts one moment and automating similar cases the next. You'll transform manual processes into automated workflows, convert successful threat hunts into persistent detection rules, and continuously enhance our security capabilities. This position sits at the critical intersection of day-to-day security operations and strategic capability advancement.

RESPONSIBILITIES:

• Operational Excellence & Engineering Improvement:
  • Triage and investigate complex security alerts while identifying opportunities for automation
  • Convert manual investigation steps into automated enrichment and response workflows
  • Transform successful threat hunting techniques into persistent detection rules
  • Build and deploy custom detection logic based on emerging threat intelligence
• Continuous Advancement:
  • Constantly evaluate security tool effectiveness and implement enhancements
  • Develop SOAR playbooks to automate routine investigations and responses
  • Create metrics to measure operational efficiency and security effectiveness
  • Implement feedback loops to continuously refine detection and response capabilities
• Collaborative Leadership:
  • Drive knowledge sharing across the security team on new detection methods
  • Partner with infrastructure teams to improve security visibility
  • Mentor team members on automation techniques and detection engineering
  • Communicate complex security findings to technical and non-technical stakeholders

QUALIFICATIONS:

• Bachelor's Degree in a technical discipline; computer science, cybersecurity, or related field preferred
• 5+ years experience in security operations with demonstrated progression toward engineering responsibilities
• Proven experience with both:
  • Hands-on security alert investigation and incident response
  • Development of automation and detection engineering
• Strong programming skills with demonstrated proficiency in Python, Regex and experience with APIs
• Experience designing and implementing detection rules in SIEM or EDR platforms
• Hands-on experience with security orchestration and automation (SOAR) platforms
• Demonstrated ability to rapidly pivot between operational tasks and engineering improvements
• Experience translating threat intelligence into actionable detection capabilities
• Strong understanding of common attack techniques and defensive countermeasures
• Experience with cloud security monitoring in AWS, GCP, or Azure environments

TECHNICAL EXPERTISE (Must have experience with several of the following):

• SIEM platforms (Rapid 7 IDR, Wazuh, Microsoft Sentinel, etc.)
• SOAR technologies (Rapid 7 Insight Connect, Palo Alto XSOAR, etc.)
• EDR/XDR solutions
• Cloud security and monitoring tools
• Infrastructure-as-code tools (Terraform, CloudFormation)
• Version control systems (Git)
• CI/CD pipelines and processes
• Scripting and automation (Python, PowerShell, Regex)
• Threat intelligence platforms

PROFESSIONAL QUALITIES:

• Adaptability: Comfortable rapidly switching context between operational and engineering tasks
• Pattern Recognition: Exceptional ability to identify automation opportunities within operational workflows
• Continuous Improvement Mindset: Naturally seeks to enhance processes and capabilities
• Problem-Solving Agility: Can quickly troubleshoot immediate issues while developing long-term solutions
• Communication: Effectively shares insights across technical and non-technical audiences
• Initiative: Self-directed in identifying and addressing security gaps
• Collaboration: Works seamlessly across team boundaries to improve overall security posture

DESIRED ADDITIONAL QUALIFICATIONS:

• Security certifications (SANS GIAC, CISSP, OSCP, etc.)
• Experience with threat modeling and adversary emulation
• Experience with security data science or security analytics
• Contributions to open-source security tools or research
• Experience measuring and demonstrating security program effectiveness

#LI-NR1

Scheduled Weekly Hours: