Questrade Financial Group is seeking a Senior Detection Engineer to lead the quality and effectiveness of the detection portfolio, creating, tuning, validating, and retiring alerts that drive organizational security outcomes. The ideal candidate will have 5+ years of relevant experience in detection engineering, security operations, or threat analysis in an enterprise environment. The role will involve authoring and deploying detection rules, maintaining alert coverage and fidelity, reducing false positives, and collaborating with SOC analysts, SIEM Engineers and CTI Specialists to operationalize detections.
Requirements
- Author, test, and deploy detection rules aligned to MITRE ATT&CK coverage gaps.
- Maintain the detection portfolio: track coverage, false positive rates, alert fidelity, and relevance.
- Validate alerts through purple-team exercises and real-world scenario testing.
- Tune detection logic to reduce false positive rates and improve signal-to-noise ratio.
- Document detection rationale, expected behavior, and runbook references for each alert.
- Build and maintain alert severity frameworks and prioritization logic.
- Retire stale or redundant detections with documented justification and communication.
- Produce monthly detection metrics: coverage by ATT&CK tactic, false positive trends, new vs. retired rules.
- Perform threat modeling to identify gaps in current detection coverage.
- Collaborate with the SIEM Engineer on platform optimization and detection rule infrastructure.
- Work with CTI Specialists to translate threat intelligence into detection requirements.
- Conduct log analysis and data exploration to validate detection logic and identify edge cases.
- Author SIGMA rules to ensure detection portability and cross-platform compatibility.
- Participate in alert tuning and optimization based on SOC analyst feedback and operational experience.
- Maintain runbooks and escalation procedures aligned with detection behaviors and expected outcomes.
- Stay current with emerging detection methodologies, tools, and MITRE ATT&CK updates.
- Mentor and develop team members on detection engineering best practices and frameworks.
- Communicate detection engineering decisions, alert changes, and coverage analysis to technical and non-technical stakeholders.
- Track and report on detection engineering program metrics (rules deployed, coverage improvement, FP reduction).
Benefits
- Health & wellbeing resources and programs
- Paid vacation, personal, and sick days for work-life balance
- Competitive compensation and benefits packages
- Career growth and development opportunities
- Opportunities to contribute to community causes