Senior Security Operations Engineer at Canonical

Senior Security Operations Engineer

Location: Home based - Worldwide (fully remote)

Overview

Canonical is building a new Security Operations (SecOps) capability to raise the assurance, observability and resilience of Ubuntu and Canonical’s global estate. We are hiring Senior/Staff-level Security Operations Engineers for a new team reporting to the CISO. These roles range from experienced senior engineers to staff-level practitioners who have defended high-value assets and responded to sophisticated threats, including nation-state actors.

What you will do in this role

• Implement, evolve and operate Canonical's Security Operations Center (SOC), including detection, containment and remediation workflows.
• Analyse and improve Canonical's security architecture, tooling and monitoring to increase automation and observability.
• Select, deploy and integrate market-leading security tools and threat intelligence sources.
• Identify, contain and guide remediation of security incidents and cyber attacks across internal infrastructure and product deployments.
• Drive threat modelling, tabletop exercises and SecOps practices across Engineering, IS and the wider business.
• Develop SecOps learning materials, playbooks and KPIs to track detection and response effectiveness.
• Contribute to public-facing thought leadership: blog posts, whitepapers, conference talks and community threat intelligence sharing.
• Plan and deliver SecOps work within Canonical’s agile engineering framework and collaborate with security leadership to influence change.

What we are looking for

We seek technically excellent security professionals with deep operational experience and a drive to improve the security of open source supply chains and enterprise deployments.

• Exceptional academic background or equivalent professional experience (Computer Science or STEM preferred).
• Previous professional experience working in, or leading, a Security Operations Center (SOC).
• Proven expertise in threat modelling, incident response, risk management frameworks and security architecture.
• Familiarity with security risk frameworks such as NIST CSF and ISO27001 and experience applying them in operations.
• Hands-on experience with security tooling, detection engineering and threat intelligence ingestion and consumption.
• Experience defending against advanced persistent threats and state-level adversaries is highly valued.
• Strong verbal and written communication skills, and the ability to present to technical and senior audiences.
• Deep personal motivation to be at the forefront of technology security and a collaborative attitude toward open source communities.

Optional things we value

• Hands-on offensive or defensive security experience, including red/blue team, DFIR, or threat hunting.
• Experience contributing to or consuming threat intelligence feeds and participating in community initiatives.
• Familiarity with cloud security, container security, CI/CD pipeline hardening and secure software supply chain practices.

What we offer you

Canonical offers a remote-first environment with competitive compensation that reflects geography and experience, plus a benefits package adjusted for local markets. We support professional development, wellbeing and in-person collaboration events.

• Personal learning and development budget of USD 2,000 per year.
• Twice-yearly team sprints and company retreats to meet colleagues in person.
• Annual compensation review, recognition rewards and annual holiday leave.
• Maternity and paternity leave, Employee Assistance Programme and wellness support.
• Opportunity to travel occasionally to customer or industry events; Priority Pass and travel upgrades for long-haul events.

About Canonical

Canonical is the company behind Ubuntu, the world’s most widely used open-source Linux distribution. We partner with cloud and silicon providers and contribute to open source ecosystems. Our mission includes strengthening the security and reliability of the open source supply chain and enterprise deployments worldwide.

Application notes

Please indicate your relevant experience, examples of incident response, SOC engineering, threat intelligence or public contributions when applying. Recruitment privacy and application guidance apply. This role is remote worldwide.

Requisition ID: 1124

How to apply

Apply via Canonical's careers site for this role: https://canonical.com/careers/5391149

#LI-remote