Associate Security Engineer

We’re looking for a Security Engineer to manage the security of our R&D operations and production application. You’ll plan and execute security initiatives directly and in collaboration with other teams.  You’ll take ownership of our security practices and the vision going forward, with the support of our exec team down through Engineering leadership. We take a DevOps approach to delivery and production ownership. This applies to our security strategy as well: Working alongside the Director, Information Security, you’ll manage security projects as well as lead the way the rest of the department manages security for their respective application domains. This role can be hybrid out of our Toronto office, or fully remote, anywhere in Canada.

You will:

• Evolve and expand our existing security activities – threat modeling, risk mitigation, observability, incident response. Manage and execute security projects based on internal and external inputs such as our bug bounty program, pentesting, or other gap analysis.
• Implement security improvements as an individual contributor as well as in collaboration with our teams. Set the standard for how new code being shipped meets our security needs.
• Advocate for security. Build a culture of security ownership rooted in shared values
• Managing security roadmaps from a corporate-wide perspective to meet the needs of various stakeholders including enterprise sales enablement.
• Work in a predominantly AWS cloud environment with some Google Cloud Platform services. Our services are built on Django and get continuously deployed.

You are:

• You’re familiar with modern security practices and technologies
• You understand security in a cloud provider context (we use primarily AWS with some GCP services as well) and can help move us toward a Zero Trust architecture
• Familiar with managing infrastructure as code with automation tools such as Terraform
• Able to achieve results as an individual contributor as well as through aligning and guiding others
• 2+ years of experience in application security or related fields, with a strong ability to collaborate with application development teams.
• Proficient in threat modelling, architecture design review processes, and familiar with common attack vectors and exploitation techniques.
• Strong communication skills, capable of articulating security concerns and solutions to both technical and non-technical stakeholders.
• Knowledge of development security best practices for mobile and web applications.
• Bachelor’s degree in Computer Science, Engineering, or a related discipline, or an equivalent combination of education and experience.