Jobs.ca

Senior Detection Engineer

Verified
Brampton, ON
Senior Level
Full-time

About the role

What You’ll Do:

  • Drive the end-to-end design, development, and technical leadership of high-fidelity, scalable detection content across multi-cloud environments (Azure, GCP, OCI, etc.). Define detection strategy that balances breadth, depth, and precision of threat coverage across critical assets while minimizing blind spots and telemetry gaps.
  • Provide technical oversight for SIEM infrastructure, ensuring ingestion pipelines are optimized for scale, signal fidelity, and cost efficiency. Collaborate with platform engineering teams to continuously improve data normalization, enrichment, and event routing.
  • Define and enforce detection engineering best practices for SIEM rule development, tuning, and lifecycle management. Ensure content aligns with MITRE ATT&CK, threat intelligence, and operational priorities, while maintaining hygiene and performance at scale.
  • Engineer robust detections that scale against modern attacker tradecraft, including automated threats, AI-driven TTPs, living-off-the-land (LotL) abuse, and emerging post-exploitation behaviors. Champion logic that reduces noise and the false-positive percentage, enabling actionable signals for downstream response.
  • Operationalize threat intel, telemetry patterns, and anomaly baselines into advanced detection content across SIEM/XDR pipelines. Build correlation logic and multi-stage detections to surface activity such as APT operations, credential abuse, zero-day exploitation, and lateral movement.
  • Act as the detection content authority, working alongside security and engineering stakeholders (IR, threat intel, and product teams). Mentor a team of detection engineers, providing code-level reviews, logic validation, and cross-domain threat modeling to maintain high-quality, battle-tested detections.
  • Own and evolve detection KPIs (e.g., precision, recall, MTTD, FPR). Implement automated validation and regression pipelines to continuously assess detection health, adapt logic to threat shifts, and ensure long-term signal resilience under active adversary conditions.

What You Bring:

  • Brings a curious, analytical, and offensive-aware mindset to defensive detection. Continuously hunts for telemetry gaps, tests detection logic against emulated threat scenarios, and iteratively improves detection coverage and fidelity through data-driven analysis.
  • Demonstrated expertise in architecting and leading large-scale detection engineering efforts across multi-cloud environments with a strong grasp of threat modeling, adversary emulation, and signal-to-noise optimization. Proven ability to build and manage detection strategies that scale across hybrid infrastructures.
  • Deep understanding of attacker TTPs, threat intelligence application, and detection design principles. Adept at crafting high-fidelity, low-noise detection content that maps to adversary behaviors (MITRE ATT&CK), continuously tuned to evolving threats and telemetry patterns.
  • Extensive hands-on experience with SIEM and XDR platforms, including building and maintaining complex correlation rules, data models, and enrichment pipelines. Strong grasp of detection as code (DaC), log telemetry normalization, event schema design, and detection lifecycle management at scale.
  • Familiarity with SOAR platforms and automation frameworks, with the ability to integrate detection and response workflows. Brings a proactive mindset to building automated triage, context enrichment, and signal escalation processes to accelerate time-to-response via a DaC framework.
  • Solid understanding of cloud-native security risks and telemetry sources (e.g., API audit logs, cloud flow logs, identity artifacts), and how to detect high-impact threats such as lateral movement, privilege escalation, and misconfiguration exploitation in multi-cloud ecosystems.
  • Proven leadership in cross-functional technical collaboration, partnering with incident response, threat intel, SRE, and platform teams to ensure detection content is tightly aligned with threat priorities, operational workflows, and platform telemetry realities.
  • Demonstrated ability to mentor and technically guide other detection engineers, instill quality review processes, and foster a culture of rigor, innovation, and accountability within the detection engineering function.

What Loblaw Offers You

We offer flexibility and balance, and an environment that sets you up for success no matter where your workspace is located.

Here, you will find a great team to help you achieve your goals as you help us achieve ours! Work in our fast-paced, exciting Technology environment, helping our stores, colleagues and customers every day.

Loblaw colleagues also enjoy:

  • Work Perks Program
  • On-site GoodLife Fitness, Basketball & Volleyball courts, Ice Rink, Dry Cleaning services (1PCC Office)
  • Tuition Reimbursement & Online Learning
  • Pension & Benefits
  • Paid Vacation

About Loblaw Companies Limited

Retail
10,000+

Our Purpose – Live Life Well

Loblaw Companies Limited is Canada’s food and pharmacy leader, the nation’s largest retailer, and the majority unit holder of Choice Properties Real Estate Investment Trust. Loblaw – and its portfolio of grocery, health and beauty, financial services and apparel businesses – provides Canadians with an unparalleled mix of value, assortment and convenience, and offers Canadians two of the country’s most recognized brands – President’s Choice and no name.

The acquisition of Shoppers Drug Mart, along with the powerful Life Brand and Optimum brand, has only served to reinforce our leadership position in the marketplace. As well, our PC Plus program, omni-channel efforts and multicultural merchandising offerings continued to be points of differentiation for our customer experience.

In 2019, Loblaw was recognized as one of Canada’s Top 100 Employers and Best Diversity Employers by Mediacorp Canada Inc.


IMPORTANT NOTE ABOUT FRAUD AFFECTING OUR JOBSEEKERS.

Please be advised that recruitment fraud has affected a number of Canadian companies. In such schemes, individuals posing as legitimate recruiters may request personal information and payment from those seeking employment.

Loblaw Companies Limited, its subsidiaries, and recruiting agencies will never ask for payment at any stage in the recruitment process. All legitimate postings may be accessed via our career website.