is more than just a tech company–we are a global leader that is transforming the legal experience for all by while .Summary:We are currently seeking a Logging & Detection Engineer to join our rapidly growing Security team and our new Logging Engineering team. This role is for someone passionate about building sophisticated detection capabilities, crafting efficient queries, and driving security analytics through log data. You will focus on the detection and analysis layer of our logging platform while making a tangible impact on our security monitoring capabilities.This role is available to candidates across Canada (excluding Quebec). If you are local to one of our hubs (Burnaby, Calgary, or Toronto) you will be expected to be in office minimum two days per week for our Anchor Days.What your team doesAre you someone who's always probing and asking why, someone who enjoys finding patterns in data and building smarter detection logic? If so, we have a spot for you on Clio's new Logging Engineering team! We are looking for the right candidate to develop and optimize our security detection capabilities, and be a technical expert in query optimization and analytics. If you have a strong background in security analytics with experience in log analysis and detection engineering, then we want to talk to you.What you’ll work onDesign and implement sophisticated detection rules and queries across ELK stack, security data lakes, and cloud logging platformsBuild and optimize complex search queries, aggregations, and analytics dashboards for security monitoringDevelop automated detection workflows and integrate detection logic with incident response systemsPartner with the security team to translate threat intelligence into actionable detection capabilitiesCreate and maintain detection rule libraries, query templates, and security analytics playbooksOptimize query performance and resource utilization across large-scale log datasetsBuild custom visualizations, dashboards, and reporting capabilities for security stakeholdersInvestigate security alerts, perform threat hunting, and refine detection accuracy to reduce false positivesCollaborate with the platform team to influence logging architecture based on detection requirementsStay current with emerging threats and translate new attack patterns into detection logicWhat you bringProven expertise building detection capabilities and security monitoring systems, typically gained over 3+ years of relevant experience.Query language proficiency in Elasticsearch/Lucene, SQL, KQL (Kusto), SPL (Splunk), or similar query languagesDetection engineering experience creating rules, alerts, and automated response workflows for security eventsLog analysis skills across multiple data sources including cloud logs, application logs, and security tool outputsDashboard and visualization experience with Kibana, Grafana, Tableau, or custom analytics interfacesThreat hunting expertise using log data to proactively identify security threats and anomalous behaviorScripting and automation abilities in Python, PowerShell, or similar languages for detection automationSecurity tools integration experience with SIEM platforms, SOAR tools, and security orchestrationPerformance optimization skills for query tuning, index optimization, and resource-efficient analyticsIncident response support experience investigating alerts and providing technical analysis for security incidentsNice to haveAdvanced analytics experience with machine learning, statistical analysis, or behavioral analytics for securityMulti-platform detection experience across cloud platforms (AWS CloudTrail, Azure Activity Logs, GCP Audit Logs)Custom detection development building detection logic for specific threat frameworks (MITRE ATT&CK, Kill Chain)Security certification such as GCTI, GCFA, GNFA, or other threat hunting/forensics certificationsOpen source contributions to detection rule repositories, security analytics tools, or SIEM contentData science background with experience in anomaly detection, clustering, or predictive analytics for securityAPI integration expertise for automated threat intelligence ingestion and detection rule managementCloud security analytics experience with cloud-native security services and serverless detection architecturesCompliance and reporting experience building analytics for regulatory requirements and security metricsWhat you will find here:Compensation is one of the main components of Clio’s Total Rewards Program. We have developed a series of programs and processes to ensure we are creating fair and competitive pay practices that form the foundation of our human and high-performing culture.Some highlights of our Total Rewards program include:Competitive, equitable salary with top-tier health benefits, dental, and vision insuranceHybrid work environment, with expectation for local Clions (Vancouver, Calgary, Toronto, and Dublin) to be in office minimum 2 days per week on our Anchor Days.Flexible time off policy, with an encouraged 20 days off per year.$2000 annual counseling benefitRRSP matching and RESP contributionClioversary recognition program with special acknowledgement at 3, 5, 7, and 10 yearsThe full salary range* for this role is $116,500 to $137,000 to $157,500 CAD.Please note salary bands may differ based on location and local currency. Additionally, benefit offerings may differ depending on the employee's location.*We aim to hire all candidates between the minimum and the midpoint of the full salary range. We reserve the midpoint to the maximum of the salary band for internal employees who demonstrate sustained high performance and impact at Clio. The final offer amount for this role will be dependent on individual experience and skillset of the candidate. Please note there are a separate set of salary bands for other regions based on local currency.Diversity, Inclusion, Belonging and Equity (DIBE) & AccessibilityOur team shows up as their authentic selves, and are united by our mission. We are dedicated to . We pride ourselves in building and fostering an environment where our teams feel included, valued, and enabled to do the best work of their careers, wherever they choose to log in from. We believe that different perspectives, skills, backgrounds, and experiences result in higher-performing teams and better innovation. We are committed to equal employment and we encourage candidates from all backgrounds to apply.Clio provides accessibility accommodations during the recruitment process. Should you require any accommodation, please let us know and we will work with you to meet your needs.Learn more about our culture atDisclaimer: We only communicate with candidates through official @clio.com email addresses.
