Lead Security Engineer

Date: 25 Feb 2026

Location: Ottawa, ON, CA

Company: Calian

Position Overview
We are seeking a Lead Security Engineer to serve as the technical authority and Incident Commander for high-severity security events across our client base.

This role requires deep expertise in CrowdStrike Falcon and NGSIEM, with the ability to lead complex investigations, coordinate response efforts, and drive detection maturity across a multi-tenant MSSP environment.

While CrowdStrike will be the primary platform, the ideal candidate must be comfortable operating across multiple security technologies and telemetry sources.

This is a hands-on leadership role with on-call responsibilities.

Responsibilities

Incident Command & Response Leadership

  • Serve as Incident Commander for high-severity and complex security incidents
  • Lead coordinated response efforts across SOC analysts, engineers, and client stakeholders
  • Establish investigation strategy, task delegation, and communication cadence
  • Drive containment, eradication, and recovery decisions
  • Conduct post-incident reviews and root cause analysis
  • Deliver executive-level incident briefings to clients

CrowdStrike & NGSIEM Engineering

  • Architect and optimize CrowdStrike NGSIEM environments
  • Develop and tune detection logic within NGSIEM
  • Design ingestion strategies aligned with MSSP scale and cost efficiency
  • Leverage Falcon telemetry for deep endpoint investigations
  • Perform advanced query development and threat hunting
  • Identify telemetry gaps and improve detection coverage

Multi-Platform Security Operations

  • Investigate incidents across:
    Endpoint (CrowdStrike Falcon + other supported platforms)
    SIEM (NGSIEM + other supported platforms)
    Identity providers
    Firewall and network telemetry
    Cloud platforms (AWS/Azure/GCP)
  • Correlate signals across disparate systems to build complete attack narratives
  • Support integration efforts with SOAR platforms

Detection Engineering & Threat Hunting

  • Develop detection strategies aligned to MITRE ATT&CK
  • Conduct proactive threat hunts
  • Reduce false positives through rule refinement
  • Collaborate with automation engineering to improve IR workflows

On-Call & Operational Responsibilities

  • Participate in on-call rotation for high-severity incidents
  • Provide after-hours escalation support
  • Lead response during active security events regardless of time zone
  • Ensure incident documentation meets quality standards

Mentorship & SOC Leadership

  • Mentor Analyst & Engineering Team
  • Establish investigation standards and quality benchmarks
  • Improve escalation pathways
  • Contribute to SOC maturity initiatives

Other duties as required within the context of the role.

Qualifications
Required Qualifications

  • 10+ years in cybersecurity operations, incident response, or security engineering
  • 4+ years hands-on experience with CrowdStrike Falcon Platform
  • Direct experience with CrowdStrike NGSIEM (Strongly Preferred)
  • Demonstrated experience serving as Incident Commander or IR Lead
  • Experience designing or deploying security technologies
  • Strong endpoint forensics and telemetry analysis capabilities
  • Experience in MSSP or multi-client environments preferred
  • Excellent written and verbal communication skills (technical and executive-level)

Preferred Experience

  • Experience in architecting SIEM ingestion strategies
  • Experience deploying EDR at scale
  • Familiarity with SOAR platforms
  • Experience integrating identity and cloud telemetry into SIEM
  • Knowledge of MITRE ATT&CK and adversary emulation
  • Background in threat hunting and adversary emulation

Technical Skill Set

  • CrowdStrike Falcon platform expertise
  • CrowdStrike NGSIEM advanced query development
  • CrowdStrike NGSIEM advanced dashboard development
  • Security architecture design
  • Detection engineering
  • Incident command methodology
  • Threat hunting techniques
  • Log correlation & telemetry strategy
  • Cloud security telemetry
  • API integrations (preferred)

Must be eligible to work for any U.S. employer without the need for sponsorship now or in the future.

Compensation

This role offers a base salary range of $140,000–$160,000, with eligibility for an incentive bonus as part of the overall compensation package.

Vacancy

We have 1 available position(s).

Job Title: Lead Security Engineer
Requisition Number: 2259
Date: February 25, 2026
Location 1: Houston, TX
Remote: Yes
Business Unit: Essential Industries
Department: Information Systems & Information Technology
Job Type: Full-time