Logging & Detection Engineer

About the position

Clio is more than just a tech company; we are a global leader that is transforming the legal experience for all by bettering the lives of legal professionals while increasing access to justice. We are currently seeking a Logging & Detection Engineer to join our rapidly growing Security team and our new Logging Engineering team. This role is for someone passionate about building sophisticated detection capabilities, crafting efficient queries, and driving security analytics through log data. You will focus on the detection and analysis layer of our logging platform while making a tangible impact on our security monitoring capabilities.

This role is available to candidates across Canada (excluding Quebec). If you are local to one of our hubs (Burnaby, Calgary, or Toronto) you will be expected to be in office a minimum of two days per week for our Anchor Days.

Responsibilities

• Design and implement sophisticated detection rules and queries across the ELK stack, security data lakes, and cloud logging platforms
• Build and optimize complex search queries, aggregations, and analytics dashboards for security monitoring
• Develop automated detection workflows and integrate detection logic with incident response systems
• Partner with the security team to translate threat intelligence into actionable detection capabilities
• Create and maintain detection rule libraries, query templates, and security analytics playbooks
• Optimize query performance and resource utilization across large-scale log datasets
• Build custom visualizations, dashboards, and reporting capabilities for security stakeholders
• Investigate security alerts, perform threat hunting, and refine detection accuracy to reduce false positives
• Collaborate with the platform team to influence logging architecture based on detection requirements
• Stay current with emerging threats and translate new attack patterns into detection logic

Requirements

• Proven expertise building detection capabilities and security monitoring systems, typically gained over 3+ years of relevant experience
• Query language proficiency in Elasticsearch/Lucene, SQL, KQL (Kusto), SPL (Splunk), or similar query languages
• Detection engineering experience creating rules, alerts, and automated response workflows for security events
• Log analysis skills across multiple data sources including cloud logs, application logs, and security tool outputs
• Dashboard and visualization experience with Kibana, Grafana, Tableau, or custom analytics interfaces
• Threat hunting expertise using log data to proactively identify security threats and anomalous behavior
• Scripting and automation abilities in Python, PowerShell, or similar languages for detection automation
• Security tools integration experience with SIEM platforms, SOAR tools, and security orchestration
• Performance optimization skills for query tuning, index optimization, and resource-efficient analytics
• Incident response support experience investigating alerts and providing technical analysis for security incidents

Nice-to-haves

• Advanced analytics experience with machine learning, statistical analysis, or behavioral analytics for security
• Multi-platform detection experience across cloud platforms (AWS CloudTrail, Azure Activity Logs, GCP Audit Logs)
• Custom detection development building detection logic for specific threat frameworks (MITRE ATT&CK, Kill Chain)
• Security certification such as GCTI, GCFA, GNFA, or other threat hunting/forensics certifications
• Open source contributions to detection rule repositories, security analytics tools, or SIEM content
• Data science background with experience in anomaly detection, clustering, or predictive analytics for security
• API integration expertise for automated threat intelligence ingestion and detection rule management
• Cloud security analytics experience with cloud-native security services and serverless detection architectures
• Compliance and reporting experience building analytics for regulatory requirements and security metrics

Benefits

• Competitive, equitable salary with top-tier health benefits, dental, and vision insurance
• Hybrid work environment, with the expectation for local Clions (Vancouver, Calgary, Toronto, and Dublin) to be in office a minimum of 2 days per week on our Anchor Days
• Flexible time off policy, with an encouraged 20 days off per year
• $2000 annual counseling benefit
• RRSP matching and RESP contribution
• Clioversary recognition program with special acknowledgement at 3, 5, 7, and 10 years


Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

What this question is really asking is: When do you focus and start working seriously? What are the hours in which you work best? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities was to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...