Senior Security Operations Engineer

We have opened several senior/staff Security Operations Engineer (SOC) positions, creating a new team reporting to the CISO. We are looking for a range of experience in these positions - at the high end, we seek individuals with deep experience defending highly contested critical assets and high-value cyber targets against advanced persistent threats and state-level actors. We also have more junior roles for exceptional individuals with a proven personal interest and engagement in cyber attack and defense, and outstanding academic and career performance, even if experience is limited.

Our goal is to build an entirely new level of assurance and observable rigor into the open source supply chain. While we monitor our own estate, our broader objective is to enhance the robustness of the entire global Ubuntu estate through this team.

The Security Operations (SecOps) team is responsible for designing, implementing, and evolving Canonical's security practices, techniques, tools, systems, and policies. They are the primary owners of strategies and practices that secure Canonical’s data, infrastructure, and build processes. Responsibilities include assuring the security and integrity of our infrastructure and product deployments, designing and implementing technical security controls for automatic threat detection, containment, and remediation. The team will also contribute ideas and requirements to improve the security resilience of all Ubuntu customers and users against cyber threats.

The mission of the SecOps team extends beyond Canonical to contribute to the wider open source ecosystem. This includes sharing knowledge through public presentations, industry events, threat intelligence sharing, and representing Canonical in sector-specific governance bodies.

1. Implement and evolve Canonical's Security Operation Center
2. Analyze and improve Canonical's security architecture
3. Evaluate, select, and implement new security tools and practices
4. Identify, contain, and guide the remediation of security threats and cyber attacks
5. Enhance the presence and thought leadership of Canonical SecOps
6. Contribute to open source threat intelligence initiatives
7. Drive threat modeling, tabletop exercises, and other SecOps practices across Engineering, IS, and Canonical
8. Develop SecOps learning and development materials
9. Publish blog posts, whitepapers, and conference presentations
10. Identify, implement, and track SecOps KPIs
11. Plan and deliver SecOps work within Canonical's agile framework
12. Collaborate with Security leadership to present information and influence change

• An exceptional academic record
• Undergraduate degree in Computer Science or STEM, or a compelling alternative narrative
• Experience leading or working in a Security Operation Center
• Deep personal motivation to be at the forefront of security technology
• Expertise in threat modeling and risk management frameworks
• Knowledge of security architecture and leading security tools
• Experience with threat intelligence feeds
• Familiarity with security risk management frameworks such as NIST CSF and ISO27001

• Experience in a security operations team or SOC
• Hands-on experience in offensive or defensive security roles
• Experience with state-actor and advanced persistent threats

We consider geographical location, experience, and performance in shaping compensation worldwide, revisited annually. Benefits include a performance-driven bonus, a USD 2,000 annual learning budget, recognition rewards, holiday leave, parental leave, an Employee Assistance Program, travel opportunities, and travel upgrades for company events.

Canonical is a pioneering open source technology firm, publishing Ubuntu, a key platform for AI, IoT, and cloud. We recruit globally, uphold high standards, and have been remote-first since 2004. Working here is an opportunity to think differently, learn new skills, and grow professionally.

We foster a workplace free from discrimination, valuing diverse experiences and perspectives to create a better work environment and products. All applications will be given fair consideration regardless of background or identity.