The Threat Intelligence Security Engineer is a hands-on, contract position responsible for operationalizing, measuring, and maximizing the return on investment (ROI) from the organization's external threat intelligence assets and monitoring tools. This role is critical for transforming raw data from premium sources into actionable, quantifiable defense strategies and providing clear, decisive analysis that demonstrates value and impact to senior leadership and other teams. This role requires a mandatory one-day-per-week on-site presence in either the Calgary or Edmonton office.
Key Responsibilities
TIP Management & Optimization: Serve as a core contributor and technical resource for our Threat Intelligence Platforms (TIPs), specifically Anomali ThreatStream and Mandiant/Google Threat Intelligence.
Value Extraction & Automation: Actively develop custom queries, API integrations, and scripting (primarily Python) to automate the ingestion, enrichment, and correlation of IOCs and actor TTPs from all feeds.
End-to-End Threat Hunting Leadership: Lead the planning, execution, and formal reporting of intelligence-driven Threat Hunts. This includes developing clear hypotheses based on current threat actor TTPs (mapped via MITRE ATT&CK), coordinating execution across multiple defensive teams (e.g., SOC, IR), validating new detection opportunities, and ensuring all activity delivers measurable value back to defense operations.
Intelligence Production & Dissemination: Translate complex technical analysis (tactical data) into clear, context-rich operational and strategic intelligence reports, ensuring timely and targeted dissemination to IR, SOC, and executive stakeholders.
Adversary Profiling: Proactively track and profile cyber threat actors relevant to the financial sector, mapping their capabilities and infrastructure to the MITRE ATT&CK Framework.
Defensive Enhancement & Process Codification: Collaborate actively with Security Operations and Vulnerability Management teams to implement new detection rules, fine-tune existing security controls based on validated threat intelligence, and write clear, concise documentation (SOPs, Job Aids) to codify new processes.