Detection Engineer
About the role
Technology is at the heart of driving Admiral’s business.
About Admiral Tech
Admiral Group, a UK financial services leader with a history of innovation, is expanding its world-class Tech department in Canada.
Our technology team, comprising over 600 professionals, spans areas from Cloud to DevOps, creating an exciting and fast-paced environment. If you're seeking a technically challenging and rewarding role with exceptional support and opportunities for growth, you've come to the right place.
Discover more about Admiral Tech (https://www.admiraljobs.co.uk/admiral-tech).
About Admiral Canada
Admiral, one of the UK's most recognizable insurance and financial service providers, serves over 9.1 million international customers with insurance, loans, and various other products.
In 2007, Admiral established its Canadian office in Halifax with just 20 staff members. Today, we employ over 400 people across Nova Scotia, supporting our UK customers with home and motor insurance policies.
In 2022, we launched our Cyber Security team in Canada, providing wrap-around global support to our business. With the industry's forward momentum and a vibrant, homegrown talent pool of emerging professionals, we've quickly become a formidable tech presence within Admiral Group.
Read more about Admiral Cyber Security in Canada (https://joinadmiral.ca/life-at-admiral/post/62/Admiral-UK's-Information-Security-Growth-Anchored-by-NS-&-BC-Talent/).
About the Job – Detection Engineer
As a Detection Engineer, you’ll play a key role in safeguarding Admiral’s digital infrastructure. You’ll be responsible for designing and enhancing detection capabilities to identify and respond to cyber threats swiftly and effectively.
Your work will include developing detections based on use cases, integrating threat intelligence, and addressing visibility gaps across both on-prem and cloud environments. You’ll collaborate closely with cybersecurity teams and business areas to build scalable, resilient detection workflows that reflect evolving attacker tactics and business risks.
This role is ideal for someone with a strong foundation in SOC operations and a passion for proactive threat detection, who’s ready to take the next step in shaping a modern, intelligence-driven security posture.
Key Responsibilities
· Design and implement cyber detection rules based on use cases across IT and cloud infrastructure.
· Build and fine-tune custom detection logic for complex environments and emerging threats.
· Identify and remediate visibility gaps in telemetry and detection coverage.
· Integrate threat intelligence into detection strategies to assess real-world impact.
· Monitor evolving attacker TTPs and incorporate them into detection logic.
· Apply GitOps and CI/CD principles to automate detection engineering workflows.
· Collaborate regularly with Threat Intelligence, SOC, and Threat Emulation teams to enhance threat visibility and response.
· Contribute to the development of a scalable, repeatable Detection Lifecycle framework.
Experience and Qualifications Required
Threat Intelligence & Analysis
- Ability to assess and contextualize external threat intelligence (e.g., APT groups, malware, zero-days).
- Skilled at translating complex threat data into actionable insights for diverse detection use cases.
- Experience producing tailored detection outputs aligned with threat scenarios.
Technical Proficiency
- Deep understanding of security tools including EDR, IDS/IPS, firewalls, and Windows/Linux logging.
- Hands-on experience with SIEM platforms (e.g., Chronicle, Sentinel) and threat intelligence platforms (e.g., Recorded Future, Anomali).
- Strong scripting skills in Python (required); familiarity with PowerShell or Bash.
- Proficient in regular expressions for detection logic development.
- Familiarity with DevOps practices, Git, and CI/CD pipelines.
- Broad experience across both offensive and defensive cybersecurity disciplines.
- Confident communicator with a track record of collaborating across global technical teams.
- Proactive, curious, and driven by continuous improvement.
- Passionate about building scalable, resilient detection capabilities that deliver real impact.
Cloud & Infrastructure Knowledge
- Strong understanding of Azure and GCP services (e.g., GKE, App Engine, Database, VPC).
- Experience with cloud-native telemetry and detection strategies in hybrid environments.
Detection Engineering & Automation
- Skilled in Detection-as-Code and version-controlled rule development.
- Experience automating detection workflows and integrating with APIs.
- Ability to correlate across multiple data sources (logs, alerts, CTI) to support deeper investigations.
Security Frameworks & Methodologies
- Expertise in MITRE ATT&CK, Cyber Kill Chain, and the Diamond Model.
- Familiarity with threat modeling, purple teaming, and detection lifecycle management.
- Experience applying Detection Development Lifecycle frameworks.
Desirable Qualifications/Certifications
- SANS SEC555: Detection Engineering and SIEM Analytics
- MAD20 ATT&CK® Threat Hunting and Detection Engineering Certification
Salary, Benefits, and Work-Life Balance
We offer a competitive salary and remuneration package that reflects the experience and qualifications of the successful candidate. We welcome CVs from all candidates who meet the requirements and are happy to discuss the details of the compensation package during the recruitment process.
Admiral takes pride in being a diverse organisation that prioritises its people and customers. We offer excellent benefits to support a healthy work-life balance. It’s one of the key reasons we consistently rank among the best workplaces in Canada and globally. You’ll have some autonomy in scheduling to help balance personal flexibility with business needs.
All Admiral colleagues are entitled to 34 days of paid time off annually, including statutory holidays. As your length of service increases, your entitlement will grow, up to a maximum of 39 days, including statutory holidays. We believe in providing ample time for rest and rejuvenation.
You can explore more of our key benefits here: https://joinadmiral.ca/employee-benefits/
Our Commitment to You
Admiral is committed to fostering a diverse and inclusive workplace. We are proud to be an equal opportunity employer and do not discriminate based on race, national origin, gender, gender identity, sexual orientation, ability, age, family status, or any other legally protected status. We believe that all qualified applicants should receive equal consideration for employment.