Senior Security Operations Engineer
BlackBerry
Waterloo, ON-
Nombre de poste(s) à combler : 1
- Salaire À discuter
- Publié le 26 mars 2025
-
Date d'entrée en fonction : 1 poste à combler dès que possible
Description
Worker Sub-Type:
RegularJob Description:
SUMMARY:
BlackBerry is seeking a dynamic Senior Security Operations Engineer who thrives in an environment that demands constant adaptation and improvement. This role requires someone who can seamlessly pivot between operational response and engineering improvements - investigating complex security alerts one moment and automating similar cases the next. You'll transform manual processes into automated workflows, convert successful threat hunts into persistent detection rules, and continuously enhance our security capabilities. This position sits at the critical intersection of day-to-day security operations and strategic capability advancement.
RESPONSIBILITIES:
- Operational Excellence & Engineering Improvement:
- Triage and investigate complex security alerts while identifying opportunities for automation
- Convert manual investigation steps into automated enrichment and response workflows
- Transform successful threat hunting techniques into persistent detection rules
- Build and deploy custom detection logic based on emerging threat intelligence
- Continuous Advancement:
- Constantly evaluate security tool effectiveness and implement enhancements
- Develop SOAR playbooks to automate routine investigations and responses
- Create metrics to measure operational efficiency and security effectiveness
- Implement feedback loops to continuously refine detection and response capabilities
- Collaborative Leadership:
- Drive knowledge sharing across the security team on new detection methods
- Partner with infrastructure teams to improve security visibility
- Mentor team members on automation techniques and detection engineering
- Communicate complex security findings to technical and non-technical stakeholders
QUALIFICATIONS:
- Bachelor's Degree in a technical discipline; computer science, cybersecurity, or related field preferred
- 5+ years experience in security operations with demonstrated progression toward engineering responsibilities
- Proven experience with both:
- Hands-on security alert investigation and incident response
- Development of automation and detection engineering
- Strong programming skills with demonstrated proficiency in Python, Regex and experience with APIs
- Experience designing and implementing detection rules in SIEM or EDR platforms
- Hands-on experience with security orchestration and automation (SOAR) platforms
- Demonstrated ability to rapidly pivot between operational tasks and engineering improvements
- Experience translating threat intelligence into actionable detection capabilities
- Strong understanding of common attack techniques and defensive countermeasures
- Experience with cloud security monitoring in AWS, GCP, or Azure environments
TECHNICAL EXPERTISE (Must have experience with several of the following):
- SIEM platforms (Rapid 7 IDR, Wazuh, Microsoft Sentinel, etc.)
- SOAR technologies (Rapid 7 Insight Connect, Palo Alto XSOAR, etc.)
- EDR/XDR solutions
- Cloud security and monitoring tools
- Infrastructure-as-code tools (Terraform, CloudFormation)
- Version control systems (Git)
- CI/CD pipelines and processes
- Scripting and automation (Python, PowerShell, Regex)
- Threat intelligence platforms
PROFESSIONAL QUALITIES:
- Adaptability: Comfortable rapidly switching context between operational and engineering tasks
- Pattern Recognition: Exceptional ability to identify automation opportunities within operational workflows
- Continuous Improvement Mindset: Naturally seeks to enhance processes and capabilities
- Problem-Solving Agility: Can quickly troubleshoot immediate issues while developing long-term solutions
- Communication: Effectively shares insights across technical and non-technical audiences
- Initiative: Self-directed in identifying and addressing security gaps
- Collaboration: Works seamlessly across team boundaries to improve overall security posture
DESIRED ADDITIONAL QUALIFICATIONS:
- Security certifications (SANS GIAC, CISSP, OSCP, etc.)
- Experience with threat modeling and adversary emulation
- Experience with security data science or security analytics
- Contributions to open-source security tools or research
- Experience measuring and demonstrating security program effectiveness
#LI-NR1
Scheduled Weekly Hours:
40Exigences
non déterminé
non déterminé
non déterminé
non déterminé
D'autres offres de BlackBerry qui pourraient t'intéresser