Security Engineer – Contract

This is a fully remote position, open to applicants in Canada.

📋 Description

• Oversee the deployment, configuration, testing, monitoring, and ongoing maintenance of security technologies, including SIEM, EDR, DLP, WAF, CASB, Secure Web Gateway, URL filtering, email security, and application/vulnerability scanning platforms.

• Manage small-to-medium-sized security projects from the initial requirements gathering through design, testing, pilot execution, and final implementation.

• Assist with proof-of-concept evaluations and product assessments to ensure that proposed solutions are in line with security strategy, standards, and industry best practices.

• Serve as a service or tool owner by identifying enhancements, maintaining operational runbooks, and suggesting improvements for tools you manage.

• Create and maintain procedures, workflows, architecture diagrams, and operational playbooks that facilitate security monitoring and engineering efforts.

• Investigate and triage security events utilizing technologies such as SIEM, EDR, DLP, WAF, CASB, Secure Web Gateway, and email security solutions.

• Identify, respond to, and assist in investigations of security incidents while documenting root-cause analysis and lessons learned.

• Adhere to established incident response procedures and playbooks, escalating critical findings in a timely and efficient manner.

• Employ analytical and adversarial thinking to recognize, protect against, detect, respond to, and recover from prevalent cyber threats and attack vectors.

• Conduct and support secure baseline reviews, infrastructure scanning, endpoint scanning, application vulnerability assessments, penetration testing validation, and AI red-teaming exercises.

• Review vulnerability findings for accuracy and completeness, collaborating with stakeholders to prioritize remediation efforts based on risk.

• Escalate critical vulnerabilities, zero-day threats, and high-priority risks while aiding in rapid mitigation efforts.

• Contribute to ongoing improvements in vulnerability management workflows through automation and the integration of security testing into CI/CD pipelines.

• Execute security risk assessments for internal initiatives, product enhancements, vendors, and productivity tools.

• Perform STRIDE-based threat modeling for internal projects and AI-enabled solutions, delivering actionable recommendations and clear risk reports.

• Implement a risk-based approach to assess Agentic AI technologies and associated AI-related security risks.

• Conduct vendor risk assessments within OneTrust and support broader third-party risk management initiatives.

• Identify opportunities to strengthen controls, enhance processes, and improve security outcomes across teams.

• Keep abreast of emerging threats, technologies, and industry best practices, sharing relevant insights with colleagues and stakeholders.

⛳️ Requirements

• Bachelor's degree in Technology Management, Information Security, Computer Science, Computer Engineering, or equivalent practical experience.

• 3–5 years of experience in Information Security, Security Engineering, or Security Operations.

• Possession of at least one industry-recognized security certification (CISSP, CISA, CCSP, or equivalent).

• Experience with public cloud platforms such as AWS, IBM Cloud, or Google Cloud Platform (GCP).

• Strong understanding of securing cloud environments, operating systems, networks, databases, and applications.

• Practical experience with security technologies including SIEM, WAF, DLP, EDR, and infrastructure/application vulnerability scanners.

• Knowledge of industry frameworks and standards such as NIST CSF and ISO 27001/27002.

• Familiarity with controls and compliance requirements related to SOC 1, SOC 2, PCI, and HIPAA.

• Excellent written and verbal communication skills with the capacity to effectively document findings and articulate risk.

• Strong problem-solving abilities, accountability, and a commitment to continuous learning.

• Proficiency in English.

🏝️ Benefits

• Participation in our variable compensation program