About Calian

At Calian, we help organizations overcome obstacles, manage risks, and drive progress. Since 1982, we’ve grown from a small consulting firm into a trusted global company across defence, space, health, nuclear energy, public safety, and government.

We create innovative solutions that tackle complex challenges and help organizations and communities stay resilient, informed, and connected. If you’re driven by purpose and energized by solving real-world challenges, we want you on our team.

Job Type: Full Time

Position Overview

We are seeking a Lead Security Engineer to serve as the technical authority and Incident Commander for high-severity security events across our client base.

This role requires deep expertise in CrowdStrike Falcon and NGSIEM, with the ability to lead complex investigations, coordinate response efforts, and drive detection maturity across a multi-tenant MSSP environment.

While CrowdStrike will be the primary platform, the ideal candidate must be comfortable operating across multiple security technologies and telemetry sources.

This is a hands-on leadership role with on-call responsibilities.

Responsibilities

Incident Command & Response Leadership

  • Serve as Incident Commander for high-severity and complex security incidents.
  • Lead coordinated response efforts across SOC analysts, engineers, and client stakeholders
  • Establish investigation strategy, task delegation, and communication cadence
  • Drive containment, eradication, and recovery decisions
  • Conduct post-incident reviews and root cause analysis
  • Deliver executive-level incident briefings to clients

CrowdStrike & NGSIEM Engineering

  • Architect and optimize CrowdStrike NGSIEM environments
  • Develop and tune detection logic within NGSIEM
  • Design ingestion strategies aligned with MSSP scale and cost efficiency
  • Leverage Falcon telemetry for deep endpoint investigations
  • Perform advanced query development and threat hunting
  • Identify telemetry gaps and improve detection coverage

Multi-Platform Security Operations

  • Investigate incidents across:
    • Endpoint (CrowdStrike Falcon + other supported platforms)
    • SIEM (NGSIEM + other supported platforms)
    • Identity providers
    • Firewall and network telemetry
    • Cloud platforms (AWS/Azure/GCP)
  • Correlate signals across disparate systems to build complete attack narratives
  • Support integration efforts with SOAR platforms

Detection Engineering & Threat Hunting

  • Develop detection strategies aligned to MITRE ATT&CK
  • Conduct proactive threat hunts
  • Reduce false positives through rule refinement
  • Collaborate with automation engineering to improve IR workflows

On-Call & Operational Responsibilities

  • Participate in on-call rotation for high-severity incidents
  • Provide after-hours escalation support
  • Lead response during active security events regardless of time zone
  • Ensure incident documentation meets quality standards

Mentorship & SOC Leadership

  • Mentor Analyst & Engineering Team
  • Establish investigation standards and quality benchmarks
  • Improve escalation pathways
  • Contribute to SOC maturity initiatives

Other duties as required within the context of the role.

Qualifications

Required Qualifications

  • 10+ years in cybersecurity operations, incident response, or security engineering
  • 4+ years hands-on experience with CrowdStrike Falcon Platform
  • Direct experience with CrowdStrike NGSIEM (Strongly Preferred)
  • Demonstrated experience serving as Incident Commander or IR Lead
  • Experience designing or deploying security technologies
  • Strong endpoint forensics and telemetry analysis capabilities
  • Experience in MSSP or multi-client environments preferred
  • Excellent written and verbal communication skills (technical and executive-level)

Preferred Experience

  • Experience in architecting SIEM ingestion strategies
  • Experience deploying EDR at scale
  • Familiarity with SOAR platforms
  • Experience integrating identity and cloud telemetry into SIEM
  • Knowledge of MITRE ATT&CK and adversary emulation
  • Background in threat hunting and adversary emulation

Technical Skill Set

  • CrowdStrike Falcon platform expertise
  • CrowdStrike NGSIEM advanced query development
  • CrowdStrike NGSIEM advanced dashboard development
  • Security architecture design
  • Detection engineering
  • Incident command methodology
  • Threat hunting techniques
  • Log correlation & telemetry strategy
  • Cloud security telemetry
  • API integrations (preferred)

Must be eligible to work for any U.S. employer without the need for sponsorship now or in the future

Compensation

This role offers a base salary range of $140,000–$160,000, with eligibility for an incentive bonus as part of the overall compensation package.

Vacancy

We have 1 available position(s).


AI Usage Disclosure

At Calian, we do not use Artificial Intelligence (AI) to screen or evaluate candidates. AI tools may support backend administrative tasks, but they do not influence hiring decisions. All evaluations and decisions are made by real people on our recruitment team and hiring managers. All applicants are reviewed and only those chosen for an interview will be contacted by our recruiting team.

How we hire

  • Our hiring process is designed to help us get to know you and discover if you are the best fit for our team. It’s also an opportunity for you to gauge if a role at Calian is the right fit for you.

    Throughout the process, we’ll share details of the kind of work you’ll be doing, the projects you’ll be working on, the team you’ll be joining, and what it’s like working at Calian. Our biggest tip throughout the process is to just be your authentic self!
  • Our commitment to diverse, yet highly specialized solutions requires many different skills and abilities. We look for the best talent that can contribute to Calian’s success as well as enhance our culture. We encourage you to apply to a role or join our talent community and sign up for job alerts that match your area of expertise and what you are looking for in your next opportunity.

    During the recruiting process, you’re encouraged to notify us of any accommodations you may require. We’ll be happy to help. 

  • We give the same time and consideration to everyone who applies. Here are a few things you can do to ensure your application shines: 

    • Do your research on Calian, the department, and team you are looking to join 
    • Add a cover letter that explains why you are a good fit for this position  
    • Share a portfolio, personal websites, or links to your professional social media 
    • In your CV, highlight your key achievements – this is your time to brag 
    • Include dates! Share the timeline of your experience 
    • Stand out by tailoring your resume to each position you apply to  
    • Only apply to roles you’re genuinely interested in and that align to your experience 
    • Be prepared! Do your research on Calian, the department, and team you are looking to join
    • View the responsibilities for the role and find examples that demonstrate how you’ve completed these in your previous work experience
    • Prepare a list of questions to ask us 
    • Dress business casual for your interview (virtual and in person) 
    • We assess your skills and fit, you assess our fit for you 
    • We keep you updated and share expectations as we make progress in the recruiting cycle  
    • Feel free to reach out to your Talent Acquisition Specialist at any time during the hiring process 