Join one of Canada's Best Workplaces

Threat Detection Engineer

Nova Scotia
Information Security
To be discussed

***This vacancy is a remote role intended for Nova Scotia residents***

Technology is at the heart of driving Admiral’s business.

About Admiral Tech

With a history of innovation, UK financial services leader Admiral Group continues to expand our world-class Tech department in Canada.

From Cloud through to DevOps, our technology department comprises over 600 people and is an exciting and fast-paced environment. If you’re looking for a technically challenging and rewarding role with outstanding support and opportunities for progression, you’ve come to the right place.


About Admiral Canada

One of the UK’s most recognizable insurance and financial service providers, Admiral offers insurance, loans, and various other products to over 9.1 million international customers.

In 2007, Admiral launched its Canadian office in Halifax with a small group of 20 staff. Today, we employ over 400 people throughout Nova Scotia who support our UK customers with home and motor insurance policies.

In 2022, we introduced Admiral Tech to Canada, providing wrap-around global support to our business. With the industry's forward momentum and a vibrant, homegrown talent pool of up-and-coming professionals, we’ve quickly become a formidable tech option within Admiral Group. This role is an exceptional opportunity to influence the foundation of Admiral Tech in Canada.


About the Job – Threat Detection Engineer

We are seeking a Google Chronicle Detection Engineer with YARA-L experience to join our Detection Engineering team. The ideal candidate will have a minimum of one year of experience in cybersecurity as a Detection Engineer, with a focus on developing, implementing, and continuously improving threat-led security detection analytics and response capabilities. If you have detection engineering experience with other SIEM solutions and are up for a new challenge, we would also like to hear from you.

You will collaborate closely with multiple teams, including Security Operations, Incident Response, and Threat Intelligence, in a fast-moving and agile environment. You will be responsible for developing and driving SIEM and endpoint threat detections, both day-to-day and strategically. You are expected to produce effective and comprehensive detection logic that is fully documented, ensuring detections are high fidelity and thoroughly tested, and that detection rules are available to and understood by operational cybersecurity teams.

Main Duties

Responsibilities of the role include:

  • Creation of new detections from use cases related to business projects, threat modelling, threat intelligence, purple teaming, and threat hunting.
  • Create custom analytic rules to detect threats.
  • Continuous improvement and testing of detection rules and tooling.
  • Drive the improvement of our Detection Framework, its methodologies, and lifecycles.
  • Guidance and support for analysts in the release, implementation, and tuning phases.
  • Contribute to the review of, and lessons learned from, Blue, Red and Purple Team engagements.
  • Conduct knowledge-sharing sessions on edge cases and emerging threats.
  • Contribute to the improvement of environmental detection coverage (data source gap analysis).
  • Develop and drive SIEM and endpoint threat detections, both operationally and strategically.

Experience and Qualifications Required

  • Preference for YARA-L Analytics experience.
  • Strong SOC Analyst experience is highly beneficial.
  • Knowledge of attacker tools, techniques, and regex.
  • Understanding of Windows and Linux Operating Systems.
  • Ability to translate threat intelligence into actionable detection logic.
  • Knowledge of cloud infrastructure, cloud security, and cloud APIs.
  • Familiarity with threats against Active Directory and experience with the MITRE ATT&CK framework.
  • Strong teamwork skills with the ability to influence people at all levels.
  • Professional and detail-oriented, always seeking quality and excellence.
  • A collaborative problem solver with a willingness to work as part of a diverse team.
  • Self-motivated and results-focused, with the ability to manage conflicting deadlines and prioritize effectively.
  • A MITRE ATT&CK Defender (MAD) certification in Detection Engineering would be advantageous.

Salary, Benefits and Work-Life Balance

We believe in offering a competitive salary and remuneration package that reflects the experience and qualifications of the successful candidate. We welcome CVs from all candidates who meet the requirements, and we are happy to discuss the details of the compensation package.

Admiral takes pride in being a diverse business that prioritises its people and customers. We offer great benefits to ensure our employees have an exceptional work-life balance, which is a key reason why we consistently rank as one of Canada's and the world's best workplaces. You will have an element of scheduling autonomy to strike an appropriate balance between personal flexibility and business needs.

All colleagues at Admiral are entitled to 34 days of paid time off annually, which includes statutory holidays. As you continue your service with us, the amount of paid time off will increase, up to a maximum of 39 days, including statutory holidays. We believe in providing ample time for rest and rejuvenation.


Our Commitment to You

Admiral is committed to fostering a diverse and inclusive workplace. We are proud to be an equal opportunities employer and do not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, ability, age, family status, or any other legally protected status. We believe that all qualified applicants should receive equal consideration for employment.