Detection Engineer

We are currently seeking a Detection Engineer to join our rapidly growing Security team and our new Logging Engineering team. This role is for someone passionate about building sophisticated detection capabilities, crafting efficient queries, and driving security analytics through log data. You will focus on the detection and analysis layer of our logging platform while making a tangible impact on our security monitoring capabilities.

This role is available to candidates across Canada (excluding Quebec). If you are local to one of our hubs (Burnaby, Calgary, or Toronto) you will be expected to be in office minimum two days per week for our Anchor Days.

Are you someone who's always probing and asking why, someone who enjoys finding patterns in data and building smarter detection logic? If so, we have a spot for you on Clio's new Logging Engineering team! We are looking for the right candidate to develop and optimize our security detection capabilities, and be a technical expert in query optimization and analytics. If you have a strong background in security analytics with experience in log analysis and detection engineering, then we want to talk to you.

• Design and implement sophisticated detection rules and queries across ELK stack, security data lakes, and cloud logging platforms

• Build and optimize complex search queries, aggregations, and analytics dashboards for security monitoring

• Develop automated detection workflows and integrate detection logic with incident response systems

• Partner with the security team to translate threat intelligence into actionable detection capabilities

• Create and maintain detection rule libraries, query templates, and security analytics playbooks

• Optimize query performance and resource utilization across large-scale log datasets

• Build custom visualizations, dashboards, and reporting capabilities for security stakeholders

• Investigate security alerts, perform threat hunting, and refine detection accuracy to reduce false positives

• Collaborate with the platform team to influence logging architecture based on detection requirements

• Stay current with emerging threats and translate new attack patterns into detection logic

• Proven expertise building detection capabilities and security monitoring systems, typically gained over 3+ years of relevant experience. 

• Query language proficiency in Elasticsearch/Lucene, SQL, KQL (Kusto), SPL (Splunk), or similar query languages

• Detection engineering experience creating rules, alerts, and automated response workflows for security events

• Log analysis skills across multiple data sources including cloud logs, application logs, and security tool outputs

• Dashboard and visualization experience with Kibana, Grafana, Tableau, or custom analytics interfaces

• Threat hunting expertise using log data to proactively identify security threats and anomalous behavior

• Scripting and automation abilities in Python, PowerShell, or similar languages for detection automation

• Security tools integration experience with SIEM platforms, SOAR tools, and security orchestration

• Performance optimization skills for query tuning, index optimization, and resource-efficient analytics

• Incident response support experience investigating alerts and providing technical analysis for security incidents

• Demonstrate a keen interest in improving your craft by using AI

• Advanced analytics experience with machine learning, statistical analysis, or behavioral analytics for security

• Multi-platform detection experience across cloud platforms (AWS CloudTrail, Azure Activity Logs, GCP Audit Logs)

• Custom detection development building detection logic for specific threat frameworks (MITRE ATT&CK, Kill Chain)

• Security certification such as GCTI, GCFA, GNFA, or other threat hunting/forensics certifications

• Open source contributions to detection rule repositories, security analytics tools, or SIEM content

• Data science background with experience in anomaly detection, clustering, or predictive analytics for security

• API integration expertise for automated threat intelligence ingestion and detection rule management

• Cloud security analytics experience with cloud-native security services and serverless detection architectures

• Compliance and reporting experience building analytics for regulatory requirements and security metrics

What you will find here:

Compensation is one of the main components of Clio’s Total Rewards Program. We have developed a series of programs and processes to ensure we are creating fair and competitive pay practices that form the foundation of our human and high-performing culture.
 

Some highlights of our Total Rewards program include:

• Competitive, equitable salary with top-tier health benefits, dental, and vision insurance 

• Hybrid work environment, with expectation for local Clions (Vancouver, Calgary, Toronto, and Dublin) to be in office minimum 2 days per week on our Anchor Days. 

• Flexible time off policy, with an encouraged 20 days off per year.

• $2000 annual counseling benefit

• RRSP matching and RESP contribution 

• Clioversary recognition program with special acknowledgement at 3, 5, 7, and 10 years​

Diversity, Inclusion, Belonging and Equity (DIBE) & Accessibility 

Our team shows up as their authentic selves, and are united by our mission. We are dedicated to diversity, equity and inclusion. We pride ourselves in building and fostering an environment where our teams feel included, valued, and enabled to do the best work of their careers, wherever they choose to log in from. We believe that different perspectives, skills, backgrounds, and experiences result in higher-performing teams and better innovation. We are committed to equal employment and we encourage candidates from all backgrounds to apply.

Clio provides accessibility accommodations during the recruitment process. Should you require any accommodation, please let us know and we will work with you to meet your needs.

Learn more about our culture at clio.com/careers

Disclaimer: We only communicate with candidates through official @clio.com email addresses.