Security Engineer

|About the role

Reporting to the Director of Security Architecture and Engineering, and as a member of the Security Engineering team, this position is responsible for providing expert technical advice, applying architectural patterns for information security in alignment to information security frameworks, identifying solutions to information security challenges, and interfacing effectively with vendors and partners.

We currently have one vacancy for this position.

|What you’ll be doing

Provide input and decisions on application and infrastructure security requirements throughout the project development life cycle
Document operational and threat-based functional requirements within the enterprise agile planning tools
Evaluate, recommend, and monitor security capabilities for prevention, detection, and response to information security threats.
Support Security Operations with system integration issues and prioritized requests
Support the Security Assessment Team in their processes and risk assessments to ensure adequate security standards and best practices are applied in the logical and physical solution
Support the evolution of existing security capabilities based on operational requirements

|You’ll need to have

Post secondary degree in computer science, information security or other field related to information systems and technology or information security management, or equivalent work experience
Working experience in elaboration of security requirements, threat modeling, secure code reviews, vulnerability assessments, or application penetration testing, solution architecture.
Understanding of system administration, technical audits, security governance, DevSecOps, System Engineering, security appliance operations.
Experience evaluating and planning the implementation of security solutions is considered an asset.
Good problem solving skills and experience in the resolution of technical issues with security capabilities.
Understanding and/or working knowledge of threat modeling methodologies and frameworks including STRIDE, attack trees, OWASP Top 10, and MITRE ATT&CK
Working understanding of security frameworks such as ISO2700x, NIST CSF, OWASP and/or CIS, and the application of controls to real-world environments.

|It would be great if you had

Experience with or certification in platforms and services (IaaS, PaaS, SaaS)
Industry certifications (CISSP, CCSP, etc.)
Practical experience with the Information Technology Infrastructure Library (ITIL) framework and/or ITIL foundation certification
Experience developing security requirements and test cases in large complex environments is considered an asset.
Bilingualism (English and French) is considered an asset

|What we can offer you

Competitive compensation package
Health and dental benefits
Defined contribution pension plan
Flexible work arrangements
Professional development opportunities
Prime downtown locations (Ottawa & Toronto) close to transit and shopping
Gym and shower facilities
Bike lockers