Senior Developer, Cybersecurity Detection Engineering

Take a central role

The Bank of Canada has a vision to be a leading central bank—dynamic, engaged and trusted—committed to a better Canada. No other employer in the country offers you the unique opportunity to work at the very center of Canada’s economy, in an organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in our environment. 

Building on the principles that have always guided us – excellence, integrity and respect – we strive to be forward-looking and innovative, to welcome people with diverse perspectives and talents, and to earn trust by living up to our commitments and by clearly explaining the intent of our policies and actions.  

With our defined-benefit pension plan, benefits, and high flexibility for work life balance - find out more about why we are annually ranked as one of Canada's top employers:  Working Here - Bank of Canada

Find out more about the next steps in our Recruitment process. 

In addition to the position being staffed, this competition may be used to fill similar opportunities (Regular or Term) that become available at the same job grade. If you’re interested in this type of role, we encourage you to apply.

What you need to know

Help build the next generation of cyber resilience at the Bank. Join the Bank’s Cyber Security team to work on high-priority technical initiatives that strengthen how we detect, respond to, and recover from cyber threats in a rapidly evolving environment.

For this role you will be part of the Cyber Security Operations team within the Monitoring and Response portfolio in our Information Technology Services Department. The Cyber Security Operations team is a high-functioning group with a strong focus on building monitoring and analysis capabilities, integration, automation, and delivering value to clients quickly and iteratively.

The team is responsible for detecting and responding to external and internal cyber threats that impact the business functions of the Bank of Canada.

What you will do

You don't just write detection rules, you build detection systems. You treat detections as code: version-controlled, pipeline-tested, and continuously validated against real adversary behavior. You design and deploy infrastructure as code solutions to create repeatable testing environments, integrate AI-driven workflows to scale detection capabilities, and build the APIs and automation that enable the Security Operations team to respond faster and more effectively.

Your contribution is crucial as we continue to mature our threat detection and response capabilities using modern engineering practices.

More specifically you will:

Detection Engineering & Validation:

• Develop and optimize detection rules using detection-as-code practices
• Automate testing and deployment of detections via CI/CD pipelines
• Validate detections through simulated attack scenarios (purple teaming)
• Implement automated testing to ensure accuracy and minimize false alerts

Infrastructure as Code & Lab Environnements:

• Build and maintain scalable lab environments using infrastructure-as-code (e.g., Terraform)
• Deploy and manage containerized detection tools and testing frameworks
• Automate provisioning of infrastructure for SIEM integrations, telemetry pipelines, and sandbox environments

AI-Driven Detection & Automation:

• Integrate AI and machine learning to enhance detection logic, automate analysis, and enrich threat intelligence
• Experiment with and implement agentic AI frameworks (e.g., MCP) to enable intelligent, adaptive detection and response workflows
• Leverage AI-assisted coding and automation tools to accelerate development while maintaining strong engineering and security practices

SIEM, API Integration & Platform Engineering:

• Build integrations and optimize security platforms (e.g., Splunk, Elastic, Microsoft Sentinel, EDR tools)
• Design and implement APIs and data pipelines to connect detection, orchestration, and threat intelligence systems
• Develop dashboards, reports, and automation scripts (Python, PowerShell, Bash) to enhance visibility and streamline analyst workflows
• Contribute to sprint goals and collaborate with the team through agile practices (e.g., daily scrums)
• Document solutions and processes, and support knowledge sharing within the team
• Partner with the team to troubleshoot and resolve complex technical issues

What you need to succeed

You are a curious, rational, and critical thinker who enjoys digging deeper into problems and consistently questions the “why.” As an effective communicator, you can explain complex technical concepts clearly and concisely. You bring a team-first and security-first mindset, naturally stepping in to support your colleagues and contribute to shared success. You actively seek opportunities to improve processes and drive efficiency through automation, writing clean and maintainable code to eliminate manual tasks and pain points.

You have a strong interest in applying cyber threat intelligence, analysis, and detection concepts to real-world security operations. You embrace an agile and DevOps mindset, valuing iterative development, continuous integration and deployment, test-driven validation, and collaborative problem-solving. You also prioritize best practices when building integrations with third-party systems and believe in strong engineering discipline through testing, versioning, automation, and continuous improvement.

As part of this role, you require the following technical skills or knowledge:

• Strong understanding of Windows and Linux systems
• Experience:
  • working in Windows and Linux environments for development, scripting, and security tasks
  • writing clean and maintainable code (Python, PowerShell, or Bash)
  • working with APIs (REST, JSON) and integrating systems securely
• Familiar with cloud platforms (AWS, Azure, GCP) and modern cloud environments
• Strong interest in cybersecurity and staying up to date with evolving attacker techniques

Nice-to-have

• Experience building or maintaining purple team or detection validation lab environments
• Hands-on experience with Splunk (SPL query development, app creation, API integration, data onboarding) or other SIEM platforms (Elastic, Sentinel, Chronicle)
• Familiarity with detection-as-code frameworks such as Sigma, YARA, or vendor-specific detection languages

Your education and experience

This position requires a bachelor's degree or diploma in computer science with a minimum of five years of relevant work experience in the IT field. An equivalent combination of education and experience may be considered.

Innovative Mindset

We value candidates who demonstrate adaptability, curiosity, and a willingness to learn new technologies, including AI and digital tools. We seek individuals who can think critically about data, question existing processes, and find ways to simplify our work while embracing change and new ways of doing things. 

Language requirement

The Bank’s work environment is conducive to the use of both of Canada’s official languages - English and French. Although the position language requirement is English or French essential, we do encourage everyone to improve their second language proficiency for future career growth and to contribute towards fostering a bilingual environment.

What you need to know

• • Priority will be given to Canadian citizens and permanent residents
  • Security level required: Be eligible to obtain Secret 
  • There will be no relocation assistance provided
  • Please save a copy of the job poster. Once the closing date has passed, it will no longer be available. 
  • The official title for this position is “Senior Developer, Detection Engineering”

Remote work / Hybrid Work Model

The Bank offers work arrangements that provide employees with flexibility, enable high-performing teams, and support an excellent workplace culture. Most employees can telework from home for a substantial part of each month as part of the Bank`s hybrid work model, and they are expected on site at the Bank location a minimum of 12 days per month to help build connections between colleagues. You must live in Canada, and within reasonable commuting distance of the office. For this position, should you not live within reasonable commuting distance of the office, you will be able to work 100% remote (within Canada) for the duration of this term. 

What you can expect from us
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career. For more information on key benefits please visit A great deal to consider. 

• • Salaries are based on qualifications and experience and typically range from $111,051 to $130,649 (job grade 17)
  • The Bank offers an incentive for successfully meeting expectations at  7 to 10% of your base salary. The Bank offers additional performance pay (5%) for those who exceed expectations. Exceptional performers who far exceed expectations may be eligible for higher performance pay.
  • Flexible and comprehensive benefits so you can choose the level of health and dental coverage that meets your needs
  • Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement
  • Option to join the indexed, defined-benefit pension plan after 24 consecutive months of service

We wish to thank all applicants for their interest and effort in applying for this position. Only candidates selected for interviews will be contacted.