Senior Logging

Clio is the global leader in legal AI technology, empowering legal professionals and law firms of every size to work smarter, faster, and more securely.

We are currently seeking a Senior Logging & Detection Engineer to lead the technical direction within our rapidly growing Security team and our new Logging Engineering team. This role is for a seasoned professional passionate about building sophisticated, scalable detection architectures, mastering efficient queries at petabyte scale, and driving strategic security analytics through log data. You will own the detection and analysis layer of our logging platform, serving as the domain expert who makes a tangible, high‑impact difference to our security monitoring capabilities.

This role is available to candidates across Canada (excluding Quebec). If you are local to one of our hubs (Burnaby, Calgary, or Toronto) you will be expected to be in office minimum two days per week for our Anchor Days.

What your team does:

We are looking for the right candidate to develop, optimize, and serve as the technical lead for our security detection capabilities, and be the technical expert in query optimization and analytics. If you have a deep background in security analytics and senior level experience in platform‑level log analysis and detection engineering, then we want to talk to you.

What you’ll work on:

- Lead the design and implementation of sophisticated, production‑ready detection rules and queries across the ELK stack, security data lakes, and multi‑cloud logging platforms.

- Architect and optimize complex search queries, aggregations, and analytics dashboards for high‑velocity security monitoring, focusing on performance and cost efficiency.

- Design and build automated detection and response workflows (SOAR), ensuring seamless and reliable integration with critical incident response systems.

- Serve as the primary liaison with the threat intelligence team, developing and owning the framework to translate intelligence into scalable, actionable detection capabilities (e.g., MITRE ATT&CK coverage).

- Establish and maintain a robust detection rule library, query templates, and lead the creation of security analytics playbooks for the wider team.

- Drive performance optimization and resource utilizationabyte‑scale log datasets, including index design and data tiering.

- Develop and standardize custom visualizations, dashboards, and executive reporting capabilities for security stakeholders.

- Lead complex threat hunting operations, mentor junior team members on investigative techniques, and proactively refine detection logic to achieve near‑zero false positive rates.

- Collaborate closely with the platform team to define the logging architecture roadmap based on future detection requirements and security observability goals.

- Proactively research emerging threats and attack patterns, translating novel techniques into strategic, forward‑looking detection logic and advising security leadership.

What you bring:

- Senior‑level expertise building and scaling enterprise‑grade detection capabilities and security monitoring systems.

- Expert‑level query language proficiency in Elasticsearch/Lucene, SQL, KQL (Kusto), or SPL (Splunk), demonstrating advanced optimization techniques.

- Extensive Detection Engineering experience owning the full lifecycle of rules, alerts, and automated response workflows within a SIEM/SOAR environment.

- Advanced log analysis skills across diverse, large‑scale data sources, including multi‑cloud logs (AWS, Azure, GCP), network flows, and advanced security tool outputs.

- Deep dashboard and visualization expertise with Kibana, Grafana, or Tableau for security metrics and executive reporting.

- Proven expertise in leading threat hunting efforts using log data to proactively identify and track sophisticated threats and anomalous behavior across the environment.

- Senior‑level scripting and automation abilities (Python/Go/PowerShell) for building custom tools, managing APIs, and driving detection automation at scale.

- Architectural experience integrating and optimizing SIEM platforms, SOAR tools, and security orchestration systems.

- Expert performance optimization skills covering query tuning, index design, data partitioning, and resource‑efficient analytics on big data.

- Significant incident response experience providing expert‑level technical analysis and forensic support during major security incidents.

Nice to have:

- Strategic experience with advanced analytics, machine learning, or statistical modeling for security, such as UEBA or predictive threat modeling.

- Multi‑platform security architecture experience across AWS CloudTrail, Azure Activity Logs, GCP Audit Logs.

- Experience building custom detection content mapped directly to MITRE ATT&CK, including coverage gap analysis.

- Industry‑recognized security certifications such as GCTI, GCFA, GNFA, or CISSP.

- Open source contributions to detection rule repositories, security analytics tools, or SIEM content.

- Data science or advanced mathematics background with experience in anomaly detection, clustering, or predictive analytics for security.

- Expert API integration skills for automated, real‑time threat intelligence ingestion and centralized detection rule management.

- Cloud security analytics mastery utilizing cloud‑native security services (e.g., Security Hub, Defender for Cloud) and serverless detection architectures.

- Compliance and reporting leadership experience building analytics and dashboards for SOC 2, ISO 27001, and other regulatory requirements.

Benefits:

- Competitive, equitable salary with top‑tier health, dental, and vision insurance.

- Hybrid work environment; expectation for local Clions to be in office minimum twice per week.

- Flexible time off policy, with an encouraged 20 days off per year.

- $2,000 annual counseling benefit.

- RRSP matching and RESP contribution.

- Clioversary recognition program with special acknowledgement at 3, 5, 7, and 10 years.

The expected salary range for this role is $146,200 to $197,800 CAD.

We are committed to equal employment and encourage candidates from all backgrounds to apply.

Clio provides accessibility accommodations during the recruitment process. If you require any accommodation, please let us know.

#J-18808-Ljbffr