Ready to Transform Retail? Embark on a rewarding career with Sobeys Inc., celebrated among Canada’s Top 100 employers where your unique contributions drive success. Sobeys is full of exciting opportunities, and we are always looking for bright new talent to join our team! We currently have a full time opportunity for a Senior Cyber Security Specialist. This role can be based out of one our main offices including: Stellarton, NS; Mississauga, ON. Calgary, AB. We’re seeking a Subject Matter Expert (SME) who will lead both detection engineering and proactive threat hunting to design, implement, and continuously improve our detection logic and hunt operations across retail and enterprise environments. The role blends advanced SIEM/EDR content engineering with hypothesis‑driven hunts and actionable threat intelligence to build a threat‑informed defense. **Key Responsibilities** **Detection Engineering** + Design, author, and maintain high‑fidelity detection rules and behavioral analytics across SIEM/EDR (e.g., Azure Sentinel or Elastic Stack or Splunk SPL for detections and dashboards). + Parse/normalize diverse log sources (POS systems, payment gateways, e‑commerce platforms, cloud services, and network devices) to ensure consistent, log data. + Perform detection gap analysis, recommend architecture improvements, and document use cases in a detection content catalog/knowledge base. **Threat Hunting & Threat Intelligence** + Lead hypothesis‑driven hunts using MITRE ATT&CK and behavioral analytics to uncover ransomware, data exfiltration, POS malware, supply‑chain compromises, card skimming, cloud misconfigurations, and insider fraud. + Integrate curated threat intelligence (including retail‑focused actors such as FIN6 and current ransomware groups) into hunting and detection pipelines; produce actionable reports and executive briefings. **Automation, SIEM/EDR Operations & Response** + Build automation to streamline alert triage and response; optimize SIEM dashboards and data models for retail‑specific visibility. + Partner with IR/SOC to operationalize detections and hunts; track efficacy and continuously tune for false‑positive reduction. **Collaboration & Leadership** + Collaborate closely with SOC, IR, and engineering teams; mentor junior analysts and lead knowledge‑sharing sessions. + Communicate status, risks, and outcomes to stakeholders; drive threat‑informed risk assessments and posture improvements. **Project & Program Management** + Own end‑to‑end delivery of detection and hunting initiatives (scope, timelines, resources, deliverables) aligned to compliance and business objectives. **Qualifications & Requirements** + SIEM/EDR Expertise: Advanced Splunk SPL; hands‑on with SIEM (Splunk, QRadar) and EDR tools. + Log Engineering: Proven experience normalizing/ingesting logs from POS, payment systems, e‑commerce, cloud, and network devices. + Threat‑Informed Defense: Ability to operationalize threat intelligence and conduct ATT&CK‑aligned hunts. + Cloud Security: Working knowledge of AWS, Azure, GCP in retail environments. + Compliance & Privacy: Strong understanding of PCI DSS for payment security monitoring and familiarity with GDPR/CCPA. + Scripting & Automation: Proficiency in Python and PowerShell for data parsing, enrichment, and workflow automation. + Retail Threats & Fraud: Experience with ransomware, card‑skimming, insider fraud, loyalty‑program and e‑commerce fraud patterns. **Preferred Certifications** GIAC GCDA, GCIA, GCFA, GCTI; OSCP; PMP (or equivalent). **What Success Looks Like (KPIs)** + Increased ATT&CK coverage and validated detections for priority TTPs. + Reduced mean‑time‑to‑detect (MTTD) and false‑positive rates through tuning and automation. Regular delivery of high‑quality hunt reports, executive briefings, and detection content with measurable impact. **Who we are:** We started in a small town in Nova Scotia but we are now in communities of all sizes across this great country. With over 1,600 stores in all 10 provinces, you may know us as Sobeys, Safeway, IGA, Foodland, FreshCo, Thrifty Foods, Lawtons Drug Stores or another of our great banners but we are all one extended family. Our family of 128,000 employees and franchise affiliates share a collective passion for delivering exceptional shopping experiences and amazing food to all our customers. Our mission is to nurture the things that make life better – great experiences, families, communities, and our employees. We are a family nurturing families. Our commitment to diversity, equity and inclusion (DE&I) is fuelled by our purpose and values. It shapes our culture and drives business success. As a family nurturing families, we embed DE&I into everything we do. We know that it takes open minds and respect for distinct perspectives to create engaging workplaces, inclusive customer experiences and strong community partnerships. We are committed to accommodating applicants with disabilities throughout the hiring process and will work with applicants requesting accommodation at any stage of this process. **What we offer:** Our Total Rewards package is designed to help our teammates thrive—physically, financially, and emotionally. While offerings vary by role and employment type (full-time, part-time, contractual), eligible teammates may receive: + Comprehensive Benefits Package with health and dental coverage, life insurance, and short- and long-term disability insurance. + Access to Virtual Health Care and an Employee and Family Assistance Program for personalized support. + Retirement and Savings Plan to help you build financial security. + 10% In-Store Discount at participating banners, plus additional discount programs. + Employee Share Ownership Plan (ESOP), giving you the opportunity to invest in the company’s success. + Learning and Development Resources to support your career growth. + Parental Leave Top-Up to assist growing families. + Paid Vacation and Days Off to help you recharge. Sobeys is committed to providing a compensation structure that is flexible, equitable and competitive in the market to enable performance and growth. To learn more about this opportunity—including expected range of compensation in accordance with Pay Transparency Legislation where required —please click the “I’m interested” button above. Individual Compensation is determined based on qualifications, experience, and internal equity within the range provided. External websites may share our organization's job postings which includes compensation information based on similar roles and market benchmarks. These figures are provided for general comparison purposes only and are not issued or verified by our organization.. To drive our commitment to team collaboration and the overall success of our office culture we require our teammates to have the ability to adhere to a hybrid work model that requires your presence at one of our office locations at least three days per week. If you feel that this describes the kind of work you want to do and you are excited about what Sobeys has to offer, then please apply by the posting end date indicated above. We encourage candidates to submit a resume and take the time to ensure that their application highlights what makes them uniquely qualified for this opportunity! **Job Details** **Job Family** **Information Technology** **Job Function** **Information Technology - Cyber Security** **Pay Type** **Salary**