Threat Detection Engineer (WFH in Nova Scotia)

***This vacancy is intended for Nova Scotia residents***

Technology is at the heart of driving Admiral’s business.

About Admiral Tech

With a history of innovation, the Admiral Group are bringing our world-class Tech department to Canada for the first time ever.

From Cloud through to DevOps, our Technology department consists of over 600 people and is an exciting and fast-paced environment to work in. If you’re looking for a technically challenging and rewarding role, with outstanding support and opportunities for progression, you’ve come to the right place.

More on Admiral Tech: https://www.admiraljobs.co.uk/admiral-tech

About Admiral Canada

We’re more than you think.

One of the UK’s most recognizable insurance and financial service providers, Admiral offers insurance, loans, and various other products to over 9.1 million international customers.

In 2007, Admiral launched its Canadian office in Halifax with a small group of 20 staff. Today, we employ 500 people throughout Nova Scotia who support our UK customers with home and motor insurance policies.

We’ve been recognized as one of Canada’s Great Places to Work every year since 2010 and have also been named one of Nova Scotia’s and Atlantic Canada’s Top Employers annually since 2015. In 2022, the Great Place to Work® Institute ranked Admiral as the 4th Best Workplace in Canada.

The next chapter in the Admiral Canada’s success story is bringing Admiral Tech to Canada. This role is an exceptional opportunity to be the architect of Admiral Tech in Canada and influence its foundation.

About the Job – Threat Detection Engineer

We are seeking a candidate with experience as an Azure Sentinel Detection Engineer. You will be responsible for developing, implementing, and continuously improving Admiral’s threat-led security detection Analytics and response capabilities. You will need to understand the changing threat landscape, identify opportunities for improvements in existing detections, establish new detections, and ensure appropriate detection coverage for the organisation. You will work closely with multiple teams in a fast-moving and agile environment, including security operations, incident response, and threat intelligence.

You will be responsible for developing and driving siem and endpoint threat detections daily and strategically. You are expected to seek out effective and comprehensive detection logic, thus, ensuring detections are high fidelity and thoroughly tested. Ensuring detection rules are available and understood by operational cyber security teams.

Develop security-specific content necessary to implement Use Cases and transform them into correlation queries, templates, reports, rules, alerts, and dashboards.

Responsibilities

• Creation of new detections from use cases from business-related projects, threat modelling, and threat intelligence.
• Create custom analytics rules to detect threats.
• Continuous development and testing of detection rules and tooling.
• Drive the improvement of our Detection Framework, its methodologies, and lifecycles.
• Guidance and Support for Analysts in the release, implementation, and tuning phases.
• Contribute to the review and lessons learned of Blue, Red and Purple Team engagements.
• Conduct knowledge-sharing sessions for edge cases from emerging threats.
• Contribution to the improvement of environmental detections (data source gap analysis).

Desirable Skills, Experience and Behaviours

• KQL Analytics experience is a must.
• Configuration of Data connectors for Security Events, Threat Intelligence Platforms, Linux Syslog, Office 365, etc
• More than 2 years+ of experience in Cyber Security as a Threat Detection Engineer
• Knowledge of attacker tools and evasion techniques.
• Working knowledge of at least one primary programming language, including scripting languages like Python and PowerShell
• Good understanding of Windows and Linux Operating Systems
• Translate threat intelligence into actionable detection logic.
• Knowledge of cloud infrastructure, cloud security and cloud APIs a plus.
• Knowledge of Active Directory threats.
• Experience working with Mitre Attack Framework.
• Strong team working skills with the ability to build trusted relationships with people and groups with diverse backgrounds and to influence at all levels.
• Professional, with attention to detail - always seeking quality and excellence in their work.
• Collaborative and engaging approach to problem-solving and a willingness to work as part of the team.
• Passionate for diversity, recognising the innovation and competitive edge that comes from a diverse, highly skilled team where equal opportunities are genuinely valued.
• A problem-solver, always seeking the best solution for the right outcome.
• Friendly manner, willing to adapt style and approach to achieve quality results.
• Self-motivated, results-focused, and pragmatic, able to manage conflicting deadlines and prioritise.
• SC-200 Certification advantageous

Salary, Benefits and Work-Life Balance

We do not have a set salary for this position, as it will depend on the successful candidate’s experience. We are happy to see CVs from all candidates who meet the requirements and will gladly discuss the remuneration package.

At Admiral, we are proud to be a diverse business that puts our people and customers first. We have great benefits to ensure employees have an outstanding work-life balance; it's one of the reasons we’re consistently ranked nationally as one of Canada’s (and the world’s) best workplaces. To that end, you will have an element of scheduling autonomy to strike an appropriate balance between personal flexibility and business needs.

All colleagues will receive 34 days of paid time off (including Statutory holidays) annually when you join us. Paid time off will increase with the length of service, up to a maximum of 39 days (including statutory holidays).

You can view some of our other key benefits here: https://joinadmiral.ca/employee-benefits/

Our Commitment to You

As an equal opportunity employer, Admiral is committed to fostering a diverse and inclusive workplace free from discrimination based on race, national origin, gender, gender identity, sexual orientation, ability, age, family status or any other legally protected status. All qualified applicants will receive equal consideration for employment on that basis.

All qualified applicants will receive equal consideration for employment.

Job Types: Full-time, Permanent

Salary: From $75,000.00 per year

Benefits:

• Casual dress
• Company events
• Company pension
• Dental care
• Disability insurance
• Employee assistance program
• Extended health care
• Flexible schedule
• Life insurance
• Paid time off
• Profit sharing
• RRSP match
• Tuition reimbursement
• Vision care
• Wellness program
• Work from home

Schedule:

• 8 hour shift
• Day shift

Work Location: Hybrid remote in Halifax, NS B3L 0B7