Cloud Security Engineer

About The Position

Requirements

• 4+ years of security engineering experience, including 2+ years focused on cloud security in AWS and/or Google Cloud.
• Strong understanding of cloud-native attack paths, IAM risks, network controls, data protection, key management, secrets management, and workload identity.
• Hands-on experience with infrastructure-as-code, ideally Terraform, and a strong understanding of how to secure it at scale.
• Ability to write code in Python, Go, or a similar language to automate detection, remediation, and security workflows.
• Experience integrating security tooling into CI/CD pipelines and developer workflows without creating unnecessary friction.
• Working knowledge of at least one compliance framework such as SOC 2, HIPAA, HITRUST, PCI-DSS, or ISO 27001, with the ability to translate requirements into technical controls.
• Strong communication and collaboration skills, with a bias toward enabling teams, influencing without authority, and helping engineers build securely.

Nice To Haves

• Experience in healthcare, fintech, or another regulated environment.
• Hands-on experience with CSPM or CNAPP tools such as Wiz, Prisma Cloud, Lacework, or similar platforms.
• Experience securing Ruby on Rails, JavaScript, TypeScript, GraphQL, containerized workloads, or modern cloud-native applications.
• Cloud incident response, forensics, or threat hunting experience.
• Experience securing AI/ML workloads, LLM integrations, data science platforms, autonomous AI systems, or non-human identities.
• Familiarity with AI/ML model supply chain risks, AI-specific SBOMs, or controls for limiting blast radius and privilege escalation.
• Open-source contributions or experience building internal security tooling.

Responsibilities

• Design and implement cloud security controls across AWS and Google Cloud, including multi-account architecture, network segmentation, data protection, and secure-by-default infrastructure patterns.
• Build reusable Terraform modules, reference architectures, policy-as-code guardrails, and self-service tooling that make secure implementation easier for engineering teams.
• Operate and tune CSPM/CNAPP tooling to identify misconfigurations, exposures, toxic combinations, and coverage gaps across Fullscript’s cloud environments.
• Drive remediation of cloud vulnerabilities and misconfigurations, balancing risk, engineering effort, customer impact, and business priorities.
• Strengthen IAM, secrets management, key rotation, cloud credentials, machine identities, and just-in-time access patterns across cloud and SaaS environments.
• Embed security into CI/CD pipelines through IaC scanning, container image scanning, SBOM generation, artifact protection, and software supply chain controls.
• Partner with the SOC and engineering teams on cloud-native detections, logging, runbooks, incident response, post-incident learning, and secure AI/ML workload patterns.

Benefits

• Salary range: $100,000 to $110,000 CAD
• Remote-first flexibility to work where you work best, with Ottawa, Toronto, Calgary, or Vancouver preferred for this role.
• Flexible PTO and competitive pay, because work-life balance matters
• RRSP/401k match and stock options to invest in your future
• Premium benefits package with customizable coverage, paramedical services, and an HSA.
• Fullscript discounts to save on high-quality wellness products
• Continuous learning opportunities to grow your skills and career