Cyber Security Engineer

Public Health Ontario, Toronto, ON
Onsite

About The Position

The Cyber Security Engineer is responsible for leading the security architecture and engineering practices at Public Health Ontario (PHO). This includes the design of cyber security controls and supporting the implementation, operation, and continuous improvement of cyber security and cloud security systems that protect Public Health Ontario’s (PHO) digital systems, data assets, and enterprise risk posture. The role functions as a senior hands on technical specialist and subject matter expert across on premises and cloud environments, supporting security operations, incident response, secure design, risk mitigation, operational execution and advisory activities.

Requirements

  • Strong understanding of cyber security frameworks and standards (e.g., NIST, CIS, ISO 27001).
  • Strong knowledge of attack techniques and defensive methodologies (e.g., MITRE ATT&CK, Cyber Kill Chain).
  • Advanced hands‑on experience with security technologies, including SIEM, SOAR, EDR/XDR, firewalls, email security, cloud security tooling, and vulnerability management platforms.
  • Experience working with MDR platforms such as Arctic Wolf or Microsoft Defender for Experts is preferred.
  • Strong understanding of security architecture, network communications, operating systems, and cloud infrastructure.
  • Ability to collect, analyze, and interpret security telemetry, logs, and threat intelligence.
  • Strong analytical and problem-solving skills with the ability to operate effectively during high-pressure security incidents.
  • Detail-oriented, highly organized, and capable of managing multiple concurrent priorities.
  • Strong written and verbal communication skills, with the ability to explain technical security concepts to non-technical audiences.
  • Ability to work independently as well as collaboratively within cross-functional teams.
  • Continuous learner with a strong interest in emerging technologies, threats, and security practices.
  • Degree or diploma in Information Security, Computer Science, Information Systems, Engineering, or a related field, or equivalent practical experience.
  • Minimum 10 years' experience in progressive technology roles.
  • Minimum 5 years' experience in roles with Cyber Security and Information Security job responsibilities (e.g., architecture, incident response, vulnerability management, etc.).
  • Minimum of 5 years of cloud infrastructure experience, preferably Azure and/or AWS.
  • Significant experience in enterprise IT environments, including systems, networks, and cloud platforms.
  • Demonstrated hands-on experience across multiple cyber security domains such as incident response, security operations, cloud security, and vulnerability management.
  • Must be able to provide sound judgement under significant stressors.

Nice To Haves

  • Cybersecurity certifications with a focus on Microsoft Azure and Microsoft 365 security are preferred.
  • Experience in regulated environments (e.g., healthcare, public sector, government) is an asset.

Responsibilities

  • Working with the Cyber Security operations team, develop processes and implement technology to monitor, investigate, analyze, and respond to security alerts, events, and incidents using modern detection and response technologies.
  • Provide expertise and support cyber security incident response activities, including threat analysis, containment, eradication, recovery, and post‑incident review.
  • Lead investigations of cyber security incidents that require deep expertise involving both external threats and internal users, including employees, contractors, and privileged accounts.
  • Work with cyber security partners to conduct proactive threat hunting and analysis of suspicious activity to identify advanced or persistent threats.
  • Escalate and communicate security risks, incidents, and investigative findings to appropriate Manager and/or stakeholders with clear technical and risk‑based context.
  • Participate in on‑call and after‑hours response activities as required to address time‑critical security incidents.
  • Act as the lead and trusted technical advisor to management during employee‑related cyber incidents, and conduct cyber security investigations involving internal employees, including potential insider threats, policy violations, misuse of PHO systems, or inappropriate access to sensitive information.
  • Produce confidential investigative reports, technical assessments, and expert findings for use by Human Resources, Legal Services, and executive leadership in disciplinary, corrective, or labour‑relations processes.
  • Handle highly sensitive employee‑specific and labour‑relations‑related information in a strictly confidential capacity, exercising professional discretion, judgment, and independence.
  • Independently determine investigative scope, methods, and response actions for complex, sensitive, or high‑risk cyber security incidents.
  • Collect, preserve, analyze, and document digital and forensic evidence, including logs, access records, system activity, and security telemetry, in accordance with evidentiary, legal, and chain‑of‑custody requirements.
  • Lead the design, implementation, configuration, operation, and optimization of security controls across enterprise environments, including endpoint, network, and cloud detection and response (EDR/XDR/NDR); Security Information and Event Management (SIEM) and automation/orchestration (SOAR); vulnerability management and continuous vulnerability assessment; email security and anti‑phishing platforms; and network, firewall, container, and application security controls.
  • Implement and maintain security controls in cloud environments (e.g., Azure, AWS, GCP), ensuring secure configurations and monitoring.
  • Support the secure deployment and operation of SaaS platforms (including M365) by integrating and validating security features and controls.
  • Implement security automation, scripting, and process improvements to enhance detection, response, and operational efficiency.
  • Translate business and operational requirements into technical security requirements and solutions.
  • Analyze solution architectures, system designs, and technology changes to identify security risks, threats, and vulnerabilities.
  • Recommend technical security controls and design improvements to reduce risk and improve resilience.
  • Support security testing, assessments, and remediation activities (e.g., red/purple team exercises, penetration tests, vulnerability assessments).
  • Perform vulnerability scanning, assessment, prioritization, and remediation tracking across infrastructure, applications, and cloud services.
  • Apply threat intelligence, attacker techniques, and security frameworks to improve preventive and detective controls.
  • Continuously evaluate emerging threats, vulnerabilities, and attack trends to proactively strengthen security controls.
  • Develop, maintain, and enhance security procedures, standards, technical documentation, and operational runbooks.
  • Contribute to the implementation and alignment of security frameworks, standards, and best practices.
  • Support audits, compliance activities, and security reviews by providing technical evidence and expertise.
  • Work closely with PHO’s IT, cloud, application, privacy, legal, and business teams to embed security into day‑to‑day operations and projects.
  • Collaborate with external partners, vendors, and sector peers on cyber security matters and shared threat intelligence.
  • Act as a trusted technical advisor on cyber security technologies, risks, and best practices.
  • Works within the broad objectives of PHO and applicable government policies, standards, and rules.
  • Assesses and advises leadership on how best to manage cyber risk across business and program areas against the established risk management system/model.
  • Advises on the best course of action during cyber incidents.
  • Acts as a thought leader for cyber security across the organization to drive sound, innovative, and compliant approaches to Cyber and Information Security.
  • Promotes and leads the operational implementation of cyber security strategies, directions, and practices.
  • Monitors and ensures alignment of security practices, controls, patterns, and solutions across all domains to mitigate identified risks and gaps.
  • Identifies issues and recommends options for risk management at appropriate levels within PHO and with external partners.

Benefits

  • Ontario Public Service Employees Union