Developer, Cyber Detection

Ottawa (Downtown), ON, CA



Take a central role

The Bank of Canada has a vision to be a leading central bank—dynamic, engaged and trusted—committed to a better Canada. No other employer in the country offers you the unique opportunity to work at the very center of Canada’s economy, in an organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in our environment. 


Building on the principles that have always guided us – excellence, integrity and respect – we strive to be forward-looking and innovative, to welcome people with diverse perspectives and talents, and to earn trust by living up to our commitments and by clearly explaining the intent of our policies and actions.  


With our defined-benefit pension plan, benefits, and high flexibility for work life balance - find out more about why we are annually ranked as one of Canada's top employers:  Working Here - Bank of Canada

 

Find out more about the next steps in our Recruitment process

 

About the position
We are seeking a Developer, Cyber Detection to join our Cyber Security Operations team! Our team is responsible for detecting and responding to external and internal cyber threats that would have an impact on the business functions of Canada’s Central Bank.

 

Reporting to the Assistant Director, Cyber Security Operations, you will join a highly impactful Cyber Security Operations Centre (CSOC) team with the mission to keep Canada’s economy safe & secure. Our team is a collaborative group of about 15-20 individuals across multiple domains focused on building monitoring and analysis capabilities, integration, automation, and delivering value to clients quickly and iteratively.

 

Further - you will be provided with the chance to make recommendations on processes and technology along with the opportunity to utilize state-of-the-art Enterprise Cyber Security Solutions and consistently learn as technology in the industry evolves.

 

What you will do: 
You will play a critical role in the development and maintenance of security detection capabilities that protect our organization's infrastructure, applications, and users. Your work will directly support the portfolio's mission of identifying and mitigating cyber threats, with an emphasis on innovation and efficiency.

 

In addition, you will: 

  • Proactively monitor and tune detections: Ensure high-fidelity and low-noise alerts through iterative improvements and data-driven decisions.
  • Collaborate with threat intelligence teams: Leverage threat intelligence to inform detection engineering efforts and adapt to the evolving threat landscape.
  • Enhance detection logic through behavior analysis: Analyze attacker tactics, techniques, and procedures (TTPs) and design behavioral-based detections.
  • Perform detection gap assessments: Identify and address gaps in current detection capabilities by reviewing existing use cases and telemetry coverage.
  • Participate in threat hunting operations: Assist in uncovering advanced persistent threats (APTs) and unknown threat activity.
  • Support red and purple team exercises: Validate and improve detection capabilities by collaborating with offensive security teams.
     

What You Need to Succeed
We are looking for candidates who embody a growth mindset and possess the technical acumen to thrive in a challenging and rewarding environment. You should be passionate about security, collaborative in nature, and excited by the opportunity to stay at the forefront of Detection Engineering.


In addition, you have:

  • A demonstrated understanding of detection frameworks: Familiarity with detection-as-code frameworks like Sigma or query languages such as Splunk SPL (Search Processing Language) and Windows Sentinel KQL (Kusto Query Language), and the ability to implement and manage them across platforms.
  • Log analysis expertise: Proficiency in analyzing and querying diverse log sources (e.g., Sysmon, Crowdstrike, Sentinel, MDE, Splunk, Elastic) to detect anomalies and threats.
  • Knowledge of advanced TTPs and frameworks: Expertise in frameworks such as MITRE ATT&CK and their practical application to detection development.
  • Experience with modern security tools: Hands-on experience with EDR/XDR platforms, Intrusion Detection and Prevention Systems (IDPS), Web Proxy, Antivirus, Security Information and Event Management (SIEMs), SOAR tools, and network traffic analysis tools.
  • Data analysis and enrichment: Ability to work with large datasets to create meaningful and actionable detections, using techniques like feature extraction or correlation analysis.
  • Incident response collaboration: A proven ability to support Security Operations Center (SOC) teams during active investigations, providing expertise on detection mechanisms and telemetry sources.
  • Experience and knowledge of the internal workings of Windows, Linux OS, and virtual environments.
  • Experience with managing and writing clean code (specific experience in Python, PowerShell, SPL, KQL or bash scripting considered an asset).

 

Nice-to-Have  
We value additional skills and experiences that could set you apart:

  • Experience with telemetry design and optimization: Helping teams ensure appropriate logging and telemetry is enabled to support detection goals.
  • Proficiency in reverse engineering or malware analysis: Understanding adversary tradecraft to create highly targeted detections.
  • Knowledge of attack simulation tools: Familiarity with adversary emulation platforms such as Atomic Red Team, CALDERA, or Red Canary.

 

Your education and experience

We’re looking for passionate problem-solvers with a relevant degree or diploma in cybersecurity, computer science, or a related field. Prior experience is great, but what truly matters is your curiosity, your willingness to learn, and your ability to adapt in the ever-evolving world of cybersecurity. Whether you’re just starting out or sharpening your skills, we’ll support you in becoming a key player on our team.

Bring your creativity, determination, and love for security—we'll provide the challenges, the tools, and the opportunity to grow.

 

Language requirement
The Bank’s work environment is conducive to the use of both of Canada’s official languages - English and French. Although the position language requirement is English or French essential, we do encourage everyone to improve their second language proficiency for future career growth and to contribute towards fostering a bilingual environment.

 

What you need to know

  • Priority will be given to Canadian citizens and permanent residents
  • Security level required: Be eligible to obtain Secret 
  • Relocation assistance may be provided, if required
  • Please save a copy of the job poster. Once the closing date has passed, it will no longer be available. 
  • The official title for this position is “Developer”

 

Hybrid Work Model

The Bank offers work arrangements that provide employees with flexibility, enable high-performing teams, and support an excellent workplace culture. Most employees can telework from home for a substantial part of each month as part of the Bank's hybrid work model, and they are expected on site at the Bank location a minimum of eight days per month to help build connections between colleagues. You must live in Canada, and within reasonable commuting distance of the office.

 

What you can expect from us
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career. For more information on key benefits please visit A great deal to consider

 

  • Salaries are based on qualifications and experience and typically range from $80,967 to $95,255 (job grade 15)
  • The Bank offers an incentive for successfully meeting expectations at 5 to 7% of your base salary. The Bank offers additional performance pay (3%) for those who exceed expectations. Exceptional performers who far exceed expectations may be eligible for higher performance pay.
  • Flexible and comprehensive benefits so you can choose the level of health and dental coverage that meets your needs
  • Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement
  • Option to join the indexed, defined-benefit pension plan after 24 consecutive months of service

 

We wish to thank all applicants for their interest and effort in applying for this position. Only candidates selected for interviews will be contacted.


Tags: Antivirus Automation Bash Computer Science CrowdStrike CSOC EDR Incident response Intrusion detection Linux Log analysis Malware MITRE ATT&CK Monitoring Offensive security PowerShell Python Red team Reverse engineering Scripting Sentinel SIEM SOAR SOC Splunk Threat intelligence TTPs Windows XDR

Perks/benefits: Career development Competitive pay Flex hours Flex vacation Health care Home office stipend Relocation support

Region: North America
Country: Canada
