Security Operations Engineer

cyberclan Canada
Remote Visa Sponsorship
AI Summary

CyberClan seeks a Security Operations Engineer to ensure the reliability, scalability, and performance of core security systems, including SIEM platforms, data pipelines, and scripting, within a global Managed Security Service Provider (MSSP) environment.

Key Highlights

  • Implementations and integrations of SIEM/SOAR environments and data connectors
  • Monitoring and maintenance of system health, log ingestion latency, and parser error rates
  • Data integrity management and pipeline optimization

Key Responsibilities

  • Implement customer onboarding and integrations of SIEM/SOAR environments and data connectors
  • Monitor system health, log ingestion latency, and parser error rates
  • Manage data integrity and pipeline optimization

Technical Skills Required

SIEM/SOAR, Graylog, Kafka, Fluentd, Python, Bash, PowerShell, Terraform, Ansible, Cloud, CloudWatch, Elastic, Grafana, Docker, Kubernetes, TCP/IP, DNS, VPNs, ZTNA, SSL/TLS, firewalls, secrets management

Benefits & Perks

  • Annual salary of $80,000 - $95,000 CAD
  • RRSP, benefits, and visa sponsorship

Job Description


Established in 2006, CyberClan’s carefully selected team of experts is capable of solving complex cyber security challenges, keeping data secure and businesses running as usual. CyberClan’s Global Incident Response Teams are available 24/7/365 to leap into action, responding to all cyber-attacks with proven defensive methodology. We quickly identify, contain, eradicate and recover from a cyber-attack. Our goal is to get businesses fully operational as quickly as possible and to further prevent any downtime or impact to business operations.

Summary/Objective

CyberClan is seeking a SecOps Engineer to serve as the technological backbone of their security operations. This role focuses on ensuring the reliability, scalability, and performance of core systems, including SIEM platforms, data pipelines, and custom scripting, within a 24/7 global Managed Security Service Provider (MSSP) environment. This position will report to the SecOps Lead.

Essential Functions

Customer Onboarding & Integration

  • Implementations: Configure SIEM/SOAR environments and data connectors based on specific Scope of Work (SOW) documents.
  • Consultation: Lead technical scoping calls to align SLA expectations, explain architectural constraints, and clarify requirements with customers.
  • Validation: Ensure parser accuracy, data flow, and log volume/retention settings are fully validated before handing off to the SOC.
  • Documentation: Create customer-specific runbooks detailing prerequisites and integration configurations.

System Reliability & Observability

  • Monitoring: Use tools like Grafana, Elastic, or CloudWatch to track system health, log ingestion latency, and parser error rates.
  • Performance: Conduct capacity planning, stress testing, and performance tuning to ensure the platform scales with customer growth.
  • Maintenance: Align all maintenance activities with customer SLAs and planned windows, while proactively resolving issues to maintain uptime.

Pipeline Optimization & Data Engineering

  • Data Integrity: Manage log collectors (Graylog, Kafka, Fluentd) and ensure data is normalized, enriched, and validated to support accurate detection.

  • Security: Apply best practices to the pipeline itself, including secrets management, least-privilege access, and environment segregation (dev/test/prod).
  • Change Management: Control all script and pipeline changes using Version Control (Git) and Infrastructure-as-Code (Terraform, Ansible) with mandatory code reviews.

Support, Incident Response (IR) & Troubleshooting

  • Escalation: Provide N2 support to SOC analysts for pipeline breakdowns, data delays, or platform failures.
  • RCA: Conduct Root Cause Analysis for infrastructure incidents, documenting findings and remediation steps for both internal teams and customers.
  • Client Support: Assist customers with network-level diagnostics (VPN, firewall, proxy, TLS) and API authentication issues.

Continuous Improvement & Documentation

  • Automation: Identify repetitive tasks in monitoring and onboarding to automate, aiming to reduce human error and operational overhead.
  • Knowledge Management: Maintain a knowledge base of architectural decisions, lessons learned, and runbooks to reduce silos across distributed teams.

Primary Outcomes & Metrics

  • Reliability: High availability of SIEM/SOAR platforms and reliable data ingestion across all customer environments.
  • Efficiency: Reduced Mean Time To Resolution (MTTR) for infrastructure issues and decreased operational burden on the SOC team.
  • Scalability: Implementation of scalable data ingestion that supports detection workflows.
  • Customer Trust: High satisfaction driven by responsive technical support and proactive communication during outages or changes.
  • Learning: A reduction in recurring incidents achieved through structural improvements derived from Root Cause Analysis.

Required Skills and Experience

Technical Skills

  • SIEM/SOAR: Hands-on experience in multi-tenant environments using platforms such as Microsoft Sentinel, Splunk, QRadar, Exabeam, Sumo Logic, or Elastic.
  • Data Pipelines: Deep expertise with Graylog, Kafka, Fluentd, or Logstash, including log parsing, normalization, and schema design.
  • DevOps & Coding:
      • Scripting: Proficiency in Python, Bash, or PowerShell for automation.
      • IaC & CI/CD: Experience with Terraform, Ansible, Helm, and pipelines like Jenkins, GitLab CI, or GitHub Actions.
  • Cloud & Containers:
      • Platforms: Experience with Azure, AWS, or GCP, including serverless and managed databases.
      • Orchestration: Hands-on work with Docker and Kubernetes, including container networking and persistent storage.
  • Networking & Security:
      • Protocols: Strong grasp of TCP/IP, DNS, VPNs, ZTNA, SSL/TLS, and firewalls.
      • Hardening: Experience with secrets management (Vault, AWS Secrets Manager) and securing privileged access.
  • Data Formats: Familiarity with CEF, Syslog, and JSON.

Operational & Soft Skills

  • ITSM Proficiency: Experience with ITIL workflows (incident, change, problem management) and ticket systems.
  • Communication: Ability to explain technical impact to internal stakeholders (SOC/IR) and external customers during crisis scenarios.
  • Remote Collaboration: Capability to work in distributed, remote-first teams, communicating asynchronously across time zones.
  • Problem Solving: Strong analytical skills to trace issues through complex systems and document RCAs clearly.

Certifications:

  • AWS Certified Solutions Architect, Azure Administrator, or Google Cloud Professional (cloud infrastructure).
  • Kubernetes (CKA) or container certification.
  • Relevant security certifications (CISSP, CCSK, or equivalent) demonstrating breadth of security knowledge.

  • Open-source contributions to security projects (Sigma rules, Splunk apps, Elastic integrations, etc.) or DevOps/SRE tools.

Work Schedule & On-Call

Schedule: Full-time standard business hours. Includes an on-call rotation for critical incidents, which may require evening/weekend coverage during emergencies.


CyberClan is committed to equal pay for equal work in its compensation practices. The base salary range for this position in Canada is $80,000 - $95,000 CAD per year + RRSP + benefits. A candidate’s salary is determined by various factors including, but not limited to, relevant work experience, skills, certifications and location. This is Canadian-based employment, and it is expected that all employees maintain legal entitlement to work in Canada. Applicants selected to move forward in the hiring process are subject to background checks, including but not limited to criminal record, credit, and/or reference checks.


Job Type

Full-time/Exempt

Location

100% Telecommuting

% of Travel Required

0-5%

Physical Requirements

Prolonged periods of sitting at a desk and working on a computer.

CyberClan is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.

