Senior Security and Detections Engineer
Confidential
Posted: April 2, 2026
Quick Summary
Design, build, and continuously improve detection content across SIEM, UEBA, and SOAR platforms.
Job Description
About the Role
Cybera’s Regional Security Operations Centre (rSOC) provides shared, advanced cybersecurity services to Alberta’s post-secondary and research sector, with growing national and international partnerships.
We are looking for a Senior Security and Detections Engineer to help design, build, and continuously improve the detection content that underpins our SOC. This role focuses on developing high-quality detection use cases, data integrations, and analytics across SIEM, UEBA, and SOAR platforms—turning raw telemetry into actionable security outcomes. You’ll work closely with SOC analysts, technical operations, and sector partners to evolve detection strategies that are threat-informed, measurable, and aligned to the unique risk landscape of higher education and research.
What You’ll Do
As a Security and Detections Engineer, you will:
Design, develop, and maintain detection rules and use cases across SIEM, UEBA, and SOAR
Normalize, transform, and enrich log and event data to maximize detection value
Build searches, data models, dashboards, and metrics to support alerting and SOC performance
Integrate threat intelligence, IOCs, and adversary research into detection logic
Partner with SOC analysts to identify behavioral patterns and anomalous activity
Implement and manage a structured detection lifecycle (testing, tuning, validation)
Collaborate with national and international partners on sector-specific detections
Manage detection content through version control, deployment, and continuous improvement
Support and maintain assigned rSOC security platforms
What You Bring
Bachelor’s degree in Computer Science, Information Security, or a related field
3+ years of experience in security engineering, detection engineering, or a related role
Strong understanding of operating systems, networks, and core security concepts
Hands-on experience with SIEM, SOAR, UEBA, and related security platforms
Proven analytical, problem-solving, and threat research skills
Strong communication skills and ability to work independently
Technical Strengths (Nice-to-Have / Preferred)
Scripting and automation experience (Python, PowerShell, Bash, Perl) and Git
Strong knowledge of SQL and data platforms such as MongoDB or MariaDB
Experience performing investigations on a wide variety of events from various sources to determine whether they pose a threat
Detection engineering experience using regular expressions, correlation logic, enrichment, and feature extraction
Familiarity with detection-as-code approaches (e.g., YAML, Sigma, Snort IDS/IPS)
Experience integrating Threat Intelligence Platforms (TIPs) into detection workflows
Knowledge of adversary tactics and techniques (MITRE ATT&CK framework)
Knowledge of Windows internals, Active Directory, and enterprise identity environments
Exposure to cloud and container security detection
Understanding of big data, machine learning, or anomaly detection techniques (supervised or unsupervised)
Certifications (Preferred)
CISSP, CISM, CEH, CompTIA Security+ or CySA+, and/or GIAC certifications
Compensation and Location:
This position is based in our Calgary office. Salary will be commensurate with experience. No relocation costs will be awarded.
Benefits of working at Cybera:
This is your opportunity to work for a flexible, tech-forward not-for-profit that is helping Canada become a more equitable place to work, learn, and play! We offer:
A hybrid working environment, with flexible hours.
Highly supportive and inclusive work culture.
35-hour work weeks, except in July and August, when we work 32-hour weeks and have every Friday off.
Benefits:
Health & Vision benefits from day 1
Long & Short term disability benefits from day 1
Flexible Health Spending Account (after successful probation)
Annual professional development funds
Regular Lunch & Learns covering department updates to EDI topics
RRSP program (after successful probation)
Healthy snacks in the office – and sometimes unhealthy snacks
10 days per year to use for sick time or mental health breaks
The opportunity to invest in yourself and your career
How to Apply:
This posting will remain open until a suitable candidate is found. Your application should include a resume and a short response (in your own words) to three application questions listed below. Your answers should demonstrate how your skillset matches the position requirements (of course, we don't expect you to have them all!). While we appreciate all applications, only candidates selected for an interview will be contacted. No phone calls or recruiter assistance at this time, please.
All qualified applicants will receive consideration for employment without regard to race, religious beliefs, colour, gender, disability, age, ancestry, place of origin, marital status, source of income or family status of that person or of any other person.
Number of hires for this role: 1