Staff Security Operations Engineer

We have opened several senior/staff Security Operations Engineer (SOC) positions, creating a new team reporting to the CISO. We are looking for a range of experience in these positions - at the high end we are looking for deep experience defending highly contested critical assets and high-value cyber targets against advanced persistent threats and state-level actors. We have more junior roles for exceptional individuals with a proven personal interest an engagement in cyber attack and defence, and outstanding academic and career performance even if experience is limited.Our goal is to build an entirely new level of assurance and observable rigour into the open source supply chain. We have our own estate to monitor, but more broadly our goal is to raise the robustness of the entire global Ubuntu estate through the work of this team.The Security Operations (SecOps) team is responsible for design, implementation and evolution of Canonical security practices, techniques, tools, systems and policies. The team is the primary owner of strategy and practices that determine how Canonical secures its data, internal infrastructure and build processes. They are responsible for assuring the security and integrity of our own infrastructure and product deployments. They design and implement technical security controls that ensure security threats are automatically identified, contained and remediated. The team will also contribute ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attack.The SecOps team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.What you will do in this role: Implement and evolve Canonical's SecOps security standards and playbooksAnalyse and improve Canonical's security architectureEvaluate, select and implement new security tools and practicesIdentify, contain and guide the remediation of security threats and cyber attacksGrow the presence and thought leadership of Canonical SecOps practiceContribute to open source threat intelligence initiativesDrive threat modelling, table top exercises and other SecOps practices across Engineering, IS and CanonicalDevelop Canonical SecOps learning and development materialsPublish blog posts, whitepapers and conference presentationsIdentify, implement and track SecOps KPIsPlan and deliver SecOps work in the framework of Canonical's agile engineering practiceWork with Security leadership to present information and influence changeWhat we are looking for An exceptional academic track recordUndergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative pathDrive and a track record of going above-and-beyond expectationsDeep personal motivation to be at the forefront of technology securityExpertise in threat modelling and risk management frameworksKnowledge of security architecture and market-leading security toolsExperience contributing to, and consuming, threat intelligence feedsExperience in security risk management frameworks such as NIST CSFExperience with security standards such as ISO 27001Optional things we value Experience in a security operations team or a security operations centre (SOC)Experience in offensive or defensive security teams with hands-on abilityExperience with state-actor and other advanced persistent threatsWhat we offer you We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.Distributed work environment with twice-yearly team sprints in personPersonal learning and development budget of USD 2,000 per yearAnnual compensation reviewRecognition rewardsAnnual holiday leaveMaternity and paternity leaveEmployee Assistance ProgrammeOpportunity to travel to new locations to meet colleaguesPriority Pass, and travel upgrades for long haul company eventsAbout Canonical Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.Canonical is an equal opportunity employer During this application process I agree to use only my own words. I understand that plagiarism, the use of AI or other generated content will disqualify my application.  *--Please describe your most intensive cyber-security operational experience, where you felt the threat actors were most sophisticated or the stakes particularly high. Please describe your role and contribution to that security work.  *Please describe your most relevant or significant leadership experience  *Please list the SecOps tools or technologies that you are familiar with, along with any comments to indicate the tools in which you have very significant experience or interest.  *How did you perform in mathematics at high school?  *Please selectHow did you perform in your native language at high school?  *Please selectPlease share your rationale or evidence for the high school performance selections above. Make reference to provincial, state or nation-wide scoring systems, rankings, or recognition awards, or to competitive or selective college entrance results such as SAT or ACT scores, JAMB, matriculation results, IB results etc. We recognise every system is different but we will ask you to justify your selections above.  *What was your bachelor's university degree result, or expected result if you have not yet graduated? Please include the grading system to help us understand your result e.g. '85 out of 100', '2:1 (Grading system: first class, 2:1, 2:2, third class)' or 'GPA score of 3.8/4.0 (predicted)'. We have hired outstanding individuals who did not attend or complete university. If this describes you, please continue with your application and enter 'no degree'.  *Universities around the world score degrees in different ways. Please indicate your result, or expected result if you are close to graduation, along with information about the grading system.We expect all colleagues to meet in person 2-4 times a year, at internal company events lasting between 1-2 weeks. We try to pick new and interesting locations that will likely require international travel and entry requirement visas and vaccinations. Are you willing and able to commit to this?  *Please note that if you require any accommodation for travel that relates to a physical disability please do let us know during your hiring process and we will be happy to discuss your requirements further.--In which country do you currently work?  *Please select your current location from the dropdown.Please selectPlease confirm that you have read and agree to Canonical's Recruitment Privacy Notice and Privacy Policy.  *Recruitment Privacy NoticePrivacy PolicyPlease select#J-18808-Ljbffr