Employment - Detection Engineer

Detection Engineer

Admiral Insurance

Full-Time

Weekdays

Work from home
Description

***This vacancy is a remote role intended for Nova Scotia residents***

Technology is at the heart of driving Admiral’s business.

About Admiral Tech

With a history of innovation, UK financial services leader Admiral Group continues to expand our world-class Tech department in Canada.

From Cloud through to DevOps, our technology department comprises over 600 people and is an exciting and fast-paced environment. If you’re looking for a technically challenging and rewarding role with outstanding support and opportunities for progression, you’ve come to the right place. More on Admiral Tech 

About Admiral Canada

One of the UK’s most recognizable insurance and financial service providers, Admiral offers insurance, loans, and various other products to over 9.1 million international customers.

In 2007, Admiral launched its Canadian office in Halifax with a small group of 20 staff. Today, we employ over 400 people throughout Nova Scotia who support our UK customers with home and motor insurance policies.

In 2022, we launched our Cyber Security team in Canada, providing wrap-around global support to our business. With the industry's forward momentum and a vibrant, homegrown talent pool of up-and-coming professionals, we’ve quickly become a formidable tech option within Admiral Group.

Read more about Admiral Cyber Security in Canada 

About the Job – Detection Engineer

We are currently seeking a MS Sentinel Detection Engineer with KQL experience to join our Detection Engineering team. The ideal candidate should have a minimum of 2 years’ experience in Cyber Security as a Detection Engineer, with expertise in developing, implementing, and continuously improving threat-led security detection analytics and response capabilities.

You will collaborate closely with multiple teams, including Security Operations, Threat Emulation, and Threat Intelligence, in a dynamic environment. The role involves developing and driving Siem detections both daily and strategically. You are expected to develop effective and comprehensive detection logic that is fully documented, ensuring detections are accurate and thoroughly tested.

Main Duties

Responsibilities of the role include:

  • Creation of new detections from use cases related to business projects, threat modelling, threat intelligence, purple teaming, and threat hunting.
  • Create custom analytic rules to detect threats.
  • Continuous improvements and testing of detection rules and tooling.
  • Drive the improvement of our Detection Framework, its methodologies, and lifecycles.
  • Guidance and Support for Analysts in release, implementation, and tuning phases.
  • Contribute to the review and lessons learned of Blue, Red and Purple Team engagements.
  • Conduct knowledge-sharing sessions for edge cases from emerging threats.
  • Contribute to the improvement of environmental detections (data source gap analysis).
  • Develop and drive threat detections both operationally and strategically. 

Experience and Qualifications Required

  • Mandatory: KQL Analytics experience.
  • Highly advantageous to have SOC Analyst experience.
  • Knowledge of attacker tools, techniques, and regex.
  • Understanding of Windows and Linux Operating Systems.
  • Ability to translate threat intelligence into actionable detection logic.
  • Knowledge of cloud infrastructure, cloud security, and cloud APIs.
  • Familiarity with threats against Active Directory and experience with the Mitre Attack Framework.
  • Strong team working skills with the ability to influence at all levels.
  • Professional and detail-oriented, always seeking quality and excellence.
  • Collaborative problem solver with a willingness to work as part of a diverse team.
  • Self-motivated and results-focused, with the ability to manage conflicting deadlines and prioritise effectively.

Professional Training/Certification (Advantageous)

  • Microsoft Azure Fundamentals
  • Microsoft Azure Security Operations Analyst SC-200
  • Microsoft Azure Administrator - AZ500
  • Microsoft 365 Security Administrator
  • MAD certifications in Detection Engineering would be advantageous.

Salary, Benefits and Work-Life Balance

We believe in offering a competitive salary and remuneration package that reflects the experience and qualifications of the successful candidate. We welcome CVs from all candidates who meet the requirements, and we are happy to discuss the details of the compensation package.

Admiral takes pride in being a diverse business that prioritises its people and customers. We offer great benefits to ensure our employees have an exceptional work-life balance, which is a key reason why we consistently rank as one of Canada's and the world's best workplaces. You will have an element of scheduling autonomy to strike an appropriate balance between personal flexibility and business needs.

 All colleagues at Admiral are entitled to 34 days of paid time off annually, which includes statutory holidays. As you continue your service with us, the amount of paid time off will increase, up to a maximum of 39 days, including statutory holidays. We believe in providing ample time for rest and rejuvenation.

You can view some of our other key benefits here

Our Commitment to You

Admiral is committed to fostering a diverse and inclusive workplace. We are proud to be an equal opportunities employer and do not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, ability, age, family status, or any other legally protected status. We believe that all qualified applicants should receive equal consideration for employment.

How To Apply

Admiral Insurance will be accepting applications for this opportunity via their Human Resource Information System (HRIS), or other external site. Please follow the link and the instructions below carefully. Failure to do so may result in disqualification.

Admiral Canada: home

Apply here

Intended Audience

This employment opportunity is open for: Canadian citizens, permanent residents, and temporary residents who are able to work for any employer in Canada (study permit, open work permit holders).

Only applicants who are authorized to work in Canada will be considered.

Opportunity Information
Employer
Admiral Insurance
NOC Code
Experience Required
An Asset
Available Openings
1
Pay Type
To be Determined
Pay Period
Bi-Weekly
Remuneration Per Pay Period
Estimated Weekly Hours
37.50
Start Date
End Date
Language
Posted on
November 22nd 2024
Expires
December 13th 2024