Senior Security Operations Engineer
Apply locations: Waterloo, Ontario
Time type: Full time
Posted on: Yesterday
Time left to apply: End Date: April 25, 2025 (29 days left to apply)
Job requisition id: 20250108
Worker Sub-Type: Regular
Job Description:
SUMMARY:
BlackBerry is seeking a dynamic Senior Security Operations Engineer who thrives in an environment that demands constant adaptation and improvement. This role requires someone who can seamlessly pivot between operational response and engineering improvements - investigating complex security alerts one moment and automating similar cases the next. You'll transform manual processes into automated workflows, convert successful threat hunts into persistent detection rules, and continuously enhance our security capabilities. This position sits at the critical intersection of day-to-day security operations and strategic capability advancement.
RESPONSIBILITIES:
- Operational Excellence & Engineering Improvement:
  - Triage and investigate complex security alerts while identifying opportunities for automation
  - Convert manual investigation steps into automated enrichment and response workflows
  - Transform successful threat hunting techniques into persistent detection rules
  - Build and deploy custom detection logic based on emerging threat intelligence
- Continuous Advancement:
  - Constantly evaluate security tool effectiveness and implement enhancements
  - Develop SOAR playbooks to automate routine investigations and responses
  - Create metrics to measure operational efficiency and security effectiveness
  - Implement feedback loops to continuously refine detection and response capabilities
- Collaborative Leadership:
  - Drive knowledge sharing across the security team on new detection methods
  - Partner with infrastructure teams to improve security visibility
  - Mentor team members on automation techniques and detection engineering
  - Communicate complex security findings to technical and non-technical stakeholders
QUALIFICATIONS:
- Bachelor's Degree in a technical discipline; computer science, cybersecurity, or related field preferred
- 5+ years of experience in security operations with demonstrated progression toward engineering responsibilities
- Proven experience with both:
  - Hands-on security alert investigation and incident response
  - Development of automation and detection engineering
- Strong programming skills with demonstrated proficiency in Python and regex, and experience with APIs
- Experience designing and implementing detection rules in SIEM or EDR platforms
- Hands-on experience with security orchestration and automation (SOAR) platforms
- Demonstrated ability to rapidly pivot between operational tasks and engineering improvements
- Experience translating threat intelligence into actionable detection capabilities
- Strong understanding of common attack techniques and defensive countermeasures
- Experience with cloud security monitoring in AWS, GCP, or Azure environments
TECHNICAL EXPERTISE (Must have experience with several of the following):
- SIEM platforms (Rapid7 IDR, Wazuh, Microsoft Sentinel, etc.)
- SOAR technologies (Rapid7 InsightConnect, Palo Alto XSOAR, etc.)
- EDR/XDR solutions
- Cloud security and monitoring tools
- Infrastructure-as-code tools (Terraform, CloudFormation)
- Version control systems (Git)
- CI/CD pipelines and processes
- Scripting and automation (Python, PowerShell, Regex)
- Threat intelligence platforms
PROFESSIONAL QUALITIES:
- Adaptability: Comfortable rapidly switching context between operational and engineering tasks
- Pattern Recognition: Exceptional ability to identify automation opportunities within operational workflows
- Continuous Improvement Mindset: Naturally seeks to enhance processes and capabilities
- Problem-Solving Agility: Can quickly troubleshoot immediate issues while developing long-term solutions
- Communication: Effectively shares insights across technical and non-technical audiences
- Initiative: Self-directed in identifying and addressing security gaps
- Collaboration: Works seamlessly across team boundaries to improve overall security posture
DESIRED ADDITIONAL QUALIFICATIONS:
- Security certifications (SANS GIAC, CISSP, OSCP, etc.)
- Experience with threat modeling and adversary emulation
- Experience with security data science or security analytics
- Contributions to open-source security tools or research
- Experience measuring and demonstrating security program effectiveness
Scheduled Weekly Hours: 40
About Us
BlackBerry (NYSE: BB; TSX: BB) is a trusted security software and services company that provides enterprises and governments with the technology they need to secure the Internet of Things. Headquartered in Waterloo, Ontario, the company is unwavering in its commitment to safety, cybersecurity and data privacy, and leads in key areas such as artificial intelligence, endpoint security and management, encryption and embedded systems. You couldn’t choose a more exciting time to consider joining us! For more information, visit BlackBerry.com and follow @BlackBerry.
It is the policy of BlackBerry to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, creed, religion, national origin, alienage or citizenship status, age, sex, sexual orientation, gender identity or expression, marital or domestic/civil partnership status, disability, veteran status, genetic information, or any other basis protected by law.
EEO Minorities/Females/Protected Veteran/Disabled
BlackBerry strives to create an accessible and inclusive application and selection process and is committed to working with and providing reasonable accommodation to job applicants who may require provisions to participate in the selection process. Should you require an accommodation, please contact recruitment@blackberry.com or contact our HR department by calling 1-519-888-7465. We will reply to your request as soon as possible.