Clio is the global leader in legal AI technology, empowering legal professionals and law firms of every size to work smarter, faster, and more securely.

We are transforming the legal experience for all by bettering the lives of legal professionals while increasing access to justice.

Summary:

We are currently seeking a Senior Logging & Detection Engineer to lead the technical direction within our rapidly growing Security team and our new Logging Engineering team. This role is for a seasoned professional passionate about building sophisticated, scalable detection architectures, mastering efficient queries at petabyte scale, and driving strategic security analytics through log data. You will own the detection and analysis layer of our logging platform, serving as the domain expert who makes a tangible, high-impact difference to our security monitoring capabilities.

This role is available to candidates across Canada (excluding Quebec). If you are local to one of our hubs (Burnaby, Calgary, or Toronto) you will be expected to be in office minimum two days per week for our Anchor Days.

What your team does:

Are you someone who's always probing and asking why at an architectural level, someone who enjoys finding system-wide patterns in data and designing smarter, fault-tolerant detection logic? If so, we have a strategic spot for you on Clio's new Logging Engineering team! We are looking for the right candidate to develop, optimize, and serve as the technical lead for our security detection capabilities, and be the technical expert in query optimization and analytics. If you have a deep background in security analytics and senior level experience in platform-level log analysis and detection engineering, then we want to talk to you.

What you’ll work on:

• Lead the design and implementation of sophisticated, production-ready detection rules and queries across the ELK stack, security data lakes, and multi-cloud logging platforms.

• Architect and optimize complex search queries, aggregations, and analytics dashboards for high-velocity security monitoring, focusing on performance and cost efficiency.

• Design and build automated detection and response workflows (SOAR), ensuring seamless and reliable integration with critical incident response systems.

• Serve as the primary liaison with the threat intelligence team, developing and owning the framework to translate intelligence into scalable, actionable detection capabilities (e.g., MITRE ATT&CK coverage).

• Establish and maintain a robust detection rule library, query templates, and lead the creation of security analytics playbooks for the wider team.

• Drive performance optimization and resource utilization strategies across petabyte-scale log datasets, including index design and data tiering.

• Develop and standardize custom visualizations, dashboards, and executive reporting capabilities for security stakeholders.

• Lead complex threat hunting operations, mentor junior team members on investigative techniques, and proactively refine detection logic to achieve near-zero false positive rates.

• Collaborate closely with the platform team to define the logging architecture roadmap based on future detection requirements and security observability goals.

• Proactively research emerging threats and attack patterns, translating novel techniques into strategic, forward-looking detection logic and advising security leadership.

What you bring:

• Senior-level expertise building and scaling enterprise-grade detection capabilities and security monitoring systems.

• Expert-level query language proficiency in at least two of the following: Elasticsearch/Lucene, SQL, KQL (Kusto), or SPL (Splunk), demonstrating advanced optimization techniques.

• Extensive Detection Engineering experience owning the full lifecycle of rules, alerts, and automated response workflows within a SIEM/SOAR environment.

• Advanced log analysis skills across diverse, large-scale data sources, including multi-cloud logs (AWS, Azure, GCP), network flows, and advanced security tool outputs.

• Deep dashboard and visualization expertise with tools like Kibana, Grafana, or Tableau, specifically for security metrics and executive reporting.

• Proven expertise in leading threat hunting efforts using log data to proactively identify and track sophisticated threats and anomalous behavior across the environment.

• Senior-level scripting and automation abilities (Python/Go/PowerShell), used to build custom tools, manage APIs, and drive detection automation at scale.

• Architectural experience integrating and optimizing SIEM platforms, SOAR tools, and security orchestration systems.

• Expert performance optimization skills covering query tuning, index design, data partitioning, and overall resource-efficient analytics on big data.

• Significant incident response experience providing expert-level technical analysis and forensic support during major security incidents.

Nice to have:

• Strategic experience with advanced analytics, machine learning, or statistical modeling for security, such as User and Entity Behavior Analytics (UEBA) or predictive threat modeling.

• Multi-platform security architecture experience across major cloud environments (AWS CloudTrail, Azure Activity Logs, GCP Audit Logs).

• Deep, practical experience building custom detection content mapped directly to the MITRE ATT&CK framework, including coverage gap analysis.

• Industry-recognized security certifications such as GCTI, GCFA, GNFA, or CISSP.

• Track record of open source contributions to detection rule repositories, security analytics tools, or SIEM content.

• Data science or advanced mathematics background with direct experience in anomaly detection, clustering, or predictive analytics for security.

• Expert API integration skills for automated, real-time threat intelligence ingestion and centralized detection rule management.

• Cloud security analytics mastery utilizing cloud-native security services (e.g., Security Hub, Defender for Cloud) and serverless detection architectures.

• Compliance and reporting leadership experience building analytics and dashboards for regulatory requirements (e.g., SOC 2, ISO 27001) and defining key security metrics.

What you will find here:

Compensation is one of the main components of Clio’s Total Rewards Program. We have developed a series of programs and processes to ensure we are creating fair and competitive pay practices that form the foundation of our human and high-performing culture.

Some highlights of our Total Rewards program include:

• Competitive, equitable salary with top-tier health benefits, dental, and vision insurance

• Hybrid work environment, with expectation for local Clions (Vancouver, Calgary, Toronto, and Dublin) to be in office minimum 2 days per week on our Anchor Days.

• Flexible time off policy, with an encouraged 20 days off per year.

• $2000 annual counseling benefit

• RRSP matching and RESP contribution

• Clioversary recognition program with special acknowledgement at 3, 5, 7, and 10 years​

The expected salary range* for this role is $116,500 to $137,000 to $157,500 CAD. There are a separate set of salary bands for other regions based on local currency.

*Our salary bands are designed to reflect the range of skills and experience needed for the position and to allow room for growth at Clio. For experienced individuals, we typically hire at or around the midpoint of the band. The top portion of the salary band is reserved for employees who demonstrate sustained high performance and impact at Clio. Those who are new to the role may join below the midpoint and develop their skills over time. The final offer amount for this role will be dependent on geographical region, applicable experience, and skillset of the candidate.

Diversity, Inclusion, Belonging and Equity (DIBE) & Accessibility

Our team shows up as their authentic selves, and are united by our mission. We are dedicated to diversity, equity and inclusion. We pride ourselves in building and fostering an environment where our teams feel included, valued, and enabled to do the best work of their careers, wherever they choose to log in from. We believe that different perspectives, skills, backgrounds, and experiences result in higher-performing teams and better innovation. We are committed to equal employment and we encourage candidates from all backgrounds to apply.

Clio provides accessibility accommodations during the recruitment process. Should you require any accommodation, please let us know and we will work with you to meet your needs.

Learn more about our culture at clio.com/careers

Disclaimer: We only communicate with candidates through official @clio.com email addresses.

Apply