Worker Sub-Type:
Regular
Job Description:
SUMMARY:
BlackBerry is seeking a dynamic Senior Security Operations Engineer who thrives in an environment that demands constant adaptation and improvement. This role requires someone who can seamlessly pivot between operational response and engineering improvements - investigating complex security alerts one moment and automating similar cases the next. You'll transform manual processes into automated workflows, convert successful threat hunts into persistent detection rules, and continuously enhance our security capabilities. This position sits at the critical intersection of day-to-day security operations and strategic capability advancement.
RESPONSIBILITIES:
Operational Excellence & Engineering Improvement:
- Triage and investigate complex security alerts while identifying opportunities for automation
- Convert manual investigation steps into automated enrichment and response workflows
- Transform successful threat hunting techniques into persistent detection rules
- Build and deploy custom detection logic based on emerging threat intelligence
Continuous Advancement:
- Constantly evaluate security tool effectiveness and implement enhancements
- Develop SOAR playbooks to automate routine investigations and responses
- Create metrics to measure operational efficiency and security effectiveness
- Implement feedback loops to continuously refine detection and response capabilities
Collaborative Leadership:
- Drive knowledge sharing across the security team on new detection methods
- Partner with infrastructure teams to improve security visibility
- Mentor team members on automation techniques and detection engineering
- Communicate complex security findings to technical and non-technical stakeholders
QUALIFICATIONS:
- Bachelor's Degree in a technical discipline; computer science, cybersecurity, or a related field preferred
- 5+ years of experience in security operations with demonstrated progression toward engineering responsibilities
- Proven experience with both:
  - Hands-on security alert investigation and incident response
  - Development of automation and detection engineering
- Strong programming skills with demonstrated proficiency in Python and regular expressions, and experience with APIs
- Experience designing and implementing detection rules in SIEM or EDR platforms
- Hands-on experience with security orchestration and automation (SOAR) platforms
- Demonstrated ability to rapidly pivot between operational tasks and engineering improvements
- Experience translating threat intelligence into actionable detection capabilities
- Strong understanding of common attack techniques and defensive countermeasures
- Experience with cloud security monitoring in AWS, GCP, or Azure environments
TECHNICAL EXPERTISE (Must have experience with several of the following):
- SIEM platforms (Rapid7 IDR, Wazuh, Microsoft Sentinel, etc.)
- SOAR technologies (Rapid7 InsightConnect, Palo Alto XSOAR, etc.)
- EDR/XDR solutions
- Cloud security and monitoring tools
- Infrastructure-as-code tools (Terraform, CloudFormation)
- Version control systems (Git)
- CI/CD pipelines and processes
- Scripting and automation (Python, PowerShell, Regex)
- Threat intelligence platforms
PROFESSIONAL QUALITIES:
- Adaptability: Comfortable rapidly switching context between operational and engineering tasks
- Pattern Recognition: Exceptional ability to identify automation opportunities within operational workflows
- Continuous Improvement Mindset: Naturally seeks to enhance processes and capabilities
- Problem-Solving Agility: Can quickly troubleshoot immediate issues while developing long-term solutions
- Communication: Effectively shares insights across technical and non-technical audiences
- Initiative: Self-directed in identifying and addressing security gaps
- Collaboration: Works seamlessly across team boundaries to improve overall security posture
DESIRED ADDITIONAL QUALIFICATIONS:
- Security certifications (SANS GIAC, CISSP, OSCP, etc.)
- Experience with threat modeling and adversary emulation
- Experience with security data science or security analytics
- Contributions to open-source security tools or research
- Experience measuring and demonstrating security program effectiveness
Scheduled Weekly Hours:
40