xelys jobs

Senior Logging & Detection Engineer

Clio

Full remote Today via WTTJ

About the role

Join Clio, a rapidly growing legal tech company, as a Senior Logging & Detection Engineer. In this role, you will lead the technical direction of our Security team and Logging Engineering team. You will be responsible for developing and optimizing our security detection capabilities, designing and implementing detection rules and queries, and driving performance optimization strategies. This position is available to candidates across Canada (excluding Quebec) and offers a range of benefits, including company equity, 401k, and customizable extended health benefits.

Key missions:

- Lead the design and implementation of sophisticated detection rules and queries across various logging platforms.
- Serve as the primary liaison with the threat intelligence team, developing and owning the framework to translate intelligence into scalable detection capabilities.
- Drive performance optimization and resource utilization strategies across petabyte-scale log datasets, including index design and data tiering.

Profile:

Are you someone who's always probing and asking why at an architectural level, someone who enjoys finding system-wide patterns in data and designing smarter, fault-tolerant detection logic? If so, we have a strategic spot for you on Clio's new Logging Engineering team. If you have a deep background in security analytics and senior-level experience in platform-level log analysis and detection engineering, then we want to talk to you.

- Deep dashboard and visualization expertise with tools like Kibana, Grafana, or Tableau, specifically for security metrics and executive reporting
- Architectural experience integrating and optimizing SIEM platforms, SOAR tools, and security orchestration systems
- Significant incident response experience providing expert-level technical analysis and forensic support during major security incidents
- Extensive detection engineering experience owning the full lifecycle of rules, alerts, and automated response workflows within a SIEM/SOAR environment
- Demonstrated keen interest in improving your craft by using AI
- Proven expertise in leading threat hunting efforts using log data to proactively identify and track sophisticated threats and anomalous behavior across the environment
- Senior-level expertise building and scaling enterprise-grade detection capabilities and security monitoring systems
- Senior-level scripting and automation abilities (Python/Go/PowerShell), used to build custom tools, manage APIs, and drive detection automation at scale
- Advanced log analysis skills across diverse, large-scale data sources, including multi-cloud logs (AWS, Azure, GCP), network flows, and advanced security tool outputs
- Expert performance optimization skills covering query tuning, index design, data partitioning, and overall resource-efficient analytics on big data
- Expert-level query language proficiency in at least two of the following: Elasticsearch/Lucene, SQL, KQL (Kusto), or SPL (Splunk), demonstrating advanced optimization techniques
- Strategic experience with advanced analytics, machine learning, or statistical modeling for security, such as User and Entity Behavior Analytics (UEBA) or predictive threat modeling
- Industry-recognized security certifications such as GCTI, GCFA, GNFA, or CISSP
- Multi-platform security architecture experience across major cloud environments (AWS CloudTrail, Azure Activity Logs, GCP Audit Logs)
- Deep, practical experience building custom detection content mapped directly to the MITRE ATT&CK framework, including coverage gap analysis
- Track record of open source contributions to detection rule repositories, security analytics tools, or SIEM content
- Data science or advanced mathematics background with direct experience in anomaly detection, clustering, or predictive analytics for security
- Cloud security analytics mastery utilizing cloud-native security services (e.g., Security Hub, Defender for Cloud) and serverless detection architectures
- Expert API integration skills for automated, real-time threat intelligence ingestion and centralized detection rule management
- Compliance and reporting leadership experience building analytics and dashboards for regulatory requirements (e.g., SOC 2, ISO 27001) and defining key security metrics

Scraped 5/12/2026
