
Senior Security Operations Specialist
- Waterloo, ON
- Permanent
- Full-time
- Operational Excellence & Engineering Improvement:
  - Triage and investigate complex security alerts while identifying opportunities for automation
  - Convert manual investigation steps into automated enrichment and response workflows
  - Transform successful threat hunting techniques into persistent detection rules
  - Build and deploy custom detection logic based on emerging threat intelligence
- Continuous Advancement:
  - Constantly evaluate security tool effectiveness and implement enhancements
  - Develop SOAR playbooks to automate routine investigations and responses
  - Create metrics to measure operational efficiency and security effectiveness
  - Implement feedback loops to continuously refine detection and response capabilities
- Collaborative Leadership:
  - Drive knowledge sharing across the security team on new detection methods
  - Partner with infrastructure teams to improve security visibility
  - Mentor team members on automation techniques and detection engineering
  - Communicate complex security findings to technical and non-technical stakeholders
- Bachelor's Degree in a technical discipline; computer science, cybersecurity, or related field preferred
- 5+ years' experience in security operations with demonstrated progression toward engineering responsibilities
- Proven experience with both:
  - Hands-on security alert investigation and incident response
  - Development of automation and detection engineering
- Strong programming skills with demonstrated proficiency in Python, Regex and experience with APIs
- Experience designing and implementing detection rules in SIEM or EDR platforms
- Hands-on experience with security orchestration and automation (SOAR) platforms
- Demonstrated ability to rapidly pivot between operational tasks and engineering improvements
- Experience translating threat intelligence into actionable detection capabilities
- Strong understanding of common attack techniques and defensive countermeasures
- Experience with cloud security monitoring in AWS, GCP, or Azure environments
- SIEM platforms (Rapid7 InsightIDR, Wazuh, Microsoft Sentinel, etc.)
- SOAR technologies (Rapid7 InsightConnect, Palo Alto XSOAR, etc.)
- EDR/XDR solutions
- Cloud security and monitoring tools
- Infrastructure-as-code tools (Terraform, CloudFormation)
- Version control systems (Git)
- CI/CD pipelines and processes
- Scripting and automation (Python, PowerShell, Regex)
- Threat intelligence platforms
- Adaptability: Comfortable rapidly switching context between operational and engineering tasks
- Pattern Recognition: Exceptional ability to identify automation opportunities within operational workflows
- Continuous Improvement Mindset: Naturally seeks to enhance processes and capabilities
- Problem-Solving Agility: Can quickly troubleshoot immediate issues while developing long-term solutions
- Communication: Effectively shares insights across technical and non-technical audiences
- Initiative: Self-directed in identifying and addressing security gaps
- Collaboration: Works seamlessly across team boundaries to improve overall security posture
- Security certifications (SANS GIAC, CISSP, OSCP, etc.)
- Experience with threat modeling and adversary emulation
- Experience with security data science or security analytics
- Contributions to open-source security tools or research
- Experience measuring and demonstrating security program effectiveness