Worker Sub-Type: Regular Job Description: SUMMARY: BlackBerry is seeking a dynamic Senior Security Operations Engineer who thrives in an environment that demands constant adaptation and improvement. This role requires someone who can seamlessly pivot between operational response and engineering improvements - investigating complex security alerts one moment and automating similar cases the next. You'll transform manual processes into automated workflows, convert successful threat hunts into persistent detection rules, and continuously enhance our security capabilities. This position sits at the critical intersection of day-to-day security operations and strategic capability advancement. RESPONSIBILITIES: Operational Excellence & Engineering Improvement: Triage and investigate complex security alerts while identifying opportunities for automation Convert manual investigation steps into automated enrichment and response workflows Transform successful threat hunting techniques into persistent detection rules Build and deploy custom detection logic based on emerging threat intelligence Continuous Advancement: Constantly evaluate security tool effectiveness and implement enhancements Develop SOAR playbooks to automate routine investigations and responses Create metrics to measure operational efficiency and security effectiveness Implement feedback loops to continuously refine detection and response capabilities Collaborative Leadership: Drive knowledge sharing across the security team on new detection methods Partner with infrastructure teams to improve security visibility Mentor team members on automation techniques and detection engineering Communicate complex security findings to technical and non-technical stakeholders QUALIFICATIONS: Bachelor's Degree in a technical discipline; computer science, cybersecurity, or related field preferred 5+ years experience in security operations with demonstrated progression toward engineering responsibilities Proven experience with both: Hands-on security alert investigation and incident response Development of automation and detection engineering Strong programming skills with demonstrated proficiency in Python, Regex and experience with APIs Experience designing and implementing detection rules in SIEM or EDR platforms Hands-on experience with security orchestration and automation (SOAR) platforms Demonstrated ability to rapidly pivot between operational tasks and engineering improvements Experience translating threat intelligence into actionable detection capabilities Strong understanding of common attack techniques and defensive countermeasures Experience with cloud security monitoring in AWS, GCP, or Azure environments TECHNICAL EXPERTISE (Must have experience with several of the following): SIEM platforms (Rapid 7 IDR, Wazuh, Microsoft Sentinel, etc.) SOAR technologies (Rapid 7 Insight Connect, Palo Alto XSOAR, etc.) EDR/XDR solutions Cloud security and monitoring tools Infrastructure-as-code tools (Terraform, CloudFormation) Version control systems (Git) CI/CD pipelines and processes Scripting and automation (Python, PowerShell, Regex) Threat intelligence platforms PROFESSIONAL QUALITIES: Adaptability: Comfortable rapidly switching context between operational and engineering tasks Pattern Recognition: Exceptional ability to identify automation opportunities within operational workflows Continuous Improvement Mindset: Naturally seeks to enhance processes and capabilities Problem-Solving Agility: Can quickly troubleshoot immediate issues while developing long-term solutions Communication: Effectively shares insights across technical and non-technical audiences Initiative: Self-directed in identifying and addressing security gaps Collaboration: Works seamlessly across team boundaries to improve overall security posture DESIRED ADDITIONAL QUALIFICATIONS: Security certifications (SANS GIAC, CISSP, OSCP, etc.) Experience with threat modeling and adversary emulation Experience with security data science or security analytics Contributions to open-source security tools or research Experience measuring and demonstrating security program effectiveness #LI-NR1 Scheduled Weekly Hours: 40 BlackBerry (NYSE: BB; TSX: BB) is a trusted security software and services company that provides enterprises and governments with the technology they need to secure the Internet of Things. Headquartered in Waterloo, Ontario, the company is unwavering in its commitment to safety, cybersecurity and data privacy, and leads in key areas such as artificial intelligence, endpoint security and management, encryption and embedded systems. You couldn’t choose a more exciting time to consider joining us! For more information, visit BlackBerry.com and follow @BlackBerry. ©2025 BlackBerry. All right reserved. BlackBerry® and related trademarks, names, and logos are the property of BlackBerry Limited and are registered and/or used in the U.S. and countries around the world. It is the policy of BlackBerry to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, creed, religion, national origin, alienage or citizenship, status, age, sex, sexual orientation, gender identity or expression, marital or domestic/civil partnership status, disability, veteran status, genetic information, or any other basis protected by law. EEO Minorities/Females/Protected Veteran/Disabled BlackBerry strives to create an accessible and inclusive application and selection process and is committed to working with and providing reasonable accommodation to job applicants who may require provisions to participate in the selection process. Should you require an accommodation, please contact recruitment@blackberry.com or contact our HR department by calling 1-519-888-7465. We will reply to your request as soon as possible. FEDERAL POSTERS: Federal Employment Law Posters: EEO is the Law Employee Polygraph Protection Act FMLA Federal Contractor Postings: E-Verify Right to Work EEO is the Law Supplement Pay Transparency HELPFUL LINKS: Contact Us Application Process Careers FAQ RETURN TO JOB POSTINGS
