
Manager, Security Engineering
Posted 2 days ago

Posted 2 days ago
This is a fully remote position, open to applicants in Canada.
• Oversee, mentor, and develop a committed team of security engineers.
• Perform ongoing performance assessments (quarterly and annually) to facilitate professional growth and advocate for promotions.
• Create and implement a strategic security engineering roadmap that aligns with Product Engineering requirements and overarching business goals, including the secure integration of AI technologies.
• Convert high-level business objectives into actionable quarterly deliverables for the team.
• Establish and evaluate team success based on the achievement of quarterly objectives and ongoing enhancements of annual compliance audit results.
• Promote shift-left security methodologies, which encompass threat modeling, secure code reviews, and developer security training embedded within the software development lifecycle.
• Take ownership and expand application security tools—SAST, DAST, and SCA platforms—to systematically identify and address vulnerabilities within product codebases.
• Transition the security approach from manual operational remediation to developing automated solutions and guardrails that eliminate entire classes of vulnerabilities.
• Lead exploratory research initiatives to proactively examine cloud-native environments and uncover systemic security vulnerabilities before they escalate into incidents.
• Ensure that all security initiatives are based on clear findings and provide precise architectural solutions (code or configuration) to address them.
• Establish and enforce cloud security standards covering IAM, API security, secrets management, and container workloads across AWS environments.
• Define and implement security standards for internal enterprise AI systems, including LLM-based agents, RAG pipelines, and AI-integrated workflows—addressing risks such as prompt injection, data exfiltration, and privilege escalation.
• Lead threat modeling efforts for agentic AI systems where models have access to tools, APIs, or sensitive information.
• Collaborate with AI/ML engineering teams to integrate security reviews into AI development lifecycles, from model selection to deployment.
• Assess and deploy AI-native security tools to enhance the team's detection, triage, and remediation capabilities.
• Act as an internal consultant and advisory resource for Product Engineering teams, assisting them with secure implementation practices.
• Articulate complex, highly technical security risks to non-technical project managers and stakeholders effectively.
• Influence and negotiate with software developers to prioritize and address vulnerabilities within their processes.
• Serve as the main technical liaison between Product Engineering and Security Operations, offering guidance on cloud and Kubernetes security configurations.
• Practical experience with SAST, DAST, and SCA tools (e.g., Semgrep, Snyk, Veracode, or similar) and guiding engineering teams on remediation efforts.
• Profound understanding of securing cloud-native applications and services on AWS, including IAM, API Gateway, secrets management, and container workloads.
• Familiarity with OWASP LLM Top 10, agentic AI attack vectors (tool abuse, prompt injection, memory poisoning), and security considerations for AI systems with external integrations.
• Experience leveraging AI-assisted security tools—such as AI-powered SAST, copilot-assisted code reviews, or agentic vulnerability triage—to enhance team productivity.
• Strong understanding of the technical implications of operating within stringent compliance frameworks, including ISO/SOC, PCI, and FedRAMP.
• Exceptional ability to convey highly technical concepts to non-technical stakeholders, along with the interpersonal skills necessary to influence engineering teams without direct reporting authority.
• Competitive healthcare coverage
• Wellness programs
• Flexible time off as needed
• Parental leave
• Recognition programs
• Much more!
ENSEK
Software Mind
Benefex
BDO Ireland
Get handpicked remote jobs straight to your inbox weekly.