CDC Content Detection Engineer - Montreal - CMA CGM

Description

POSITION SUMMARY

The CDC Content Detection Engineer is responsible for designing, optimizing, and continuously improving detection logic across SIEM/XDR platforms. Owns detection use cases, rule lifecycle, and MITRE ATT&CK coverage, and actively drives AI and machine learning adoption to enhance detection accuracy and reduce false positives. Works closely with SOC operations, Threat Intelligence, Purple Team, Forensics, and Automation teams to translate real-world threats into actionable, high-quality detections.

RESPONSIBILITIES

Within the Cyber Defense Center, Cybersecurity Content Engineer will:

Contribute to CMA-CGM group Continuous Improvement of SOC Posture

• Drive continuous improvement of detection capabilities through regular evaluation of existing rules, dashboards, and use cases to identify gaps and optimization opportunities.
• Adoption of AI and advanced analytics to enhance detection accuracy, reduce false positives, and improve signal quality across the SOC.
• Design, fine-tune, and optimize detection logic by adjusting rules, thresholds, KPIs, correlations, and whitelisting to improve precision and coverage.
• Expand and maintain MITRE ATT&CK coverage, mapping existing detections and designing new use cases aligned with evolving adversary techniques.
• Continuously assess detection effectiveness and content performance, leveraging metrics and feedback from SOC operations to drive iterative improvements.
• Collaborate closely with Run, Content, Automation, Forensics, CTI and Purple Team to translate operational needs and threat intelligence into actionable detection strategies.
• Stay ahead of emerging threats, attack techniques, and defensive technologies, proactively evolving detection content and strategies.
• Mentor and support junior team members, promoting best practices in detection engineering and fostering a strong knowledge-sharing culture.
• Contribute to continuous learning initiatives, workshops, and internal knowledge-sharing sessions to strengthen team expertise and technical maturity.

AI Adoption & Advanced Detection Initiatives

• Spearhead AI adoption initiatives to enhance detection and response capabilities, driving innovation in how threats are identified and investigated.
• Leverage machine learning and advanced analytics features within the SIEM/XDR ecosystem to improve detection fidelity and reduce noise.
• Work with cross-functional teams to identify high-value AI use cases, ensuring alignment with real operational challenges and threat scenarios.
• Evaluate and experiment with emerging AI-driven security technologies, contributing to proof-of-concepts and strategic recommendations.
• Promote an AI-first mindset within the detection and content teams, helping shift from rule-based approaches to more adaptive, behavior-driven detection models.

Participate in Strategic & Technical Projects

• Participate in AI adoption initiatives to enhance detection capabilities, fostering strong cross-functional collaboration across teams.
• Contribute to security improvement projects aimed at strengthening the overall detection, response, and automation capabilities of the SOC.
• Work closely with Purple Team and Threat Intelligence teams to integrate intelligence-driven insights into SIEM content and detection engineering.
• Contribute to CI/CD pipelines and SOAR automation initiatives to improve deployment efficiency and operational scalability.
• Develop and maintain high-quality documentation (playbooks, SOPs, user guides) to support content lifecycle, build processes, and SOC operations.
• Participate in proof-of-concepts and evaluations of innovative security solutions to assess their value and integration potential.

QUALIFICATIONS

CANDIDATES MUST BE LEGALLY AUTHORISED TO WORK IN CANADA

Education

Bachelor's degree in Computer Science, IT Security, or equivalent

Certifications are an asset:

• ECSA – EC-Council
• CompTIA CySA+
• CIH
• OSCP
• Microsoft SC-200
• SANS certifications

Knowledge & Experience

• SOC and detection engineering: specializing in SIEM/XDR platforms (Elastic, Microsoft Sentinel, Microsoft Defender XDR) and cloud environments (AWS, Azure, GCP).
• Expertise in detection engineering and SIEM content development: advanced use cases, correlations, dashboards, and machine learning-based detections
• Ability to leverage AI and advanced analytics to improve detection accuracy, reduce false positives, and enhance threat visibility across complex environments (Jupyter Notebook, UEBA, msticpy, datalake)
• Knowledge of cybersecurity frameworks and models, including MITRE ATT&CK, Cyber Kill Chain, and threat intelligence-driven detection design.
• Understanding of adversary techniques, attack vectors, and exploitation methods, supported by hands-on exposure to ethical hacking methodologies and offensive tools.
• Background in security operations and threat detection across endpoint, network, cloud, identity, and email attack surfaces.
• Advanced analytical, problem-solving, and critical-thinking skills, able to translate complex threats into actionable detection strategies.
• Comfortable with Python and PowerShell to support detection logic, automation design, and analysis workflows.
• Experienced in mature SOC environments, working closely with CTI, Forensics, Purple Team, and Automation teams.

#J-18808-Ljbffr