Security Engineer

About The Position

Requirements

• Proven experience with SOC 2 Type II audits in a system-focused role.
• In-depth knowledge of IT systems infrastructure, including both on-premises and cloud-based systems, and related security principles.
• Understanding of regulatory requirements, risk management methodologies, and security frameworks.
• Excellent problem-solving, communication, and project management skills.
• 2+ years of experience in cybersecurity, software development or IT Operations
• Experience in SAST and DAST
• Experience in software programming, preferably Java or .NET
• Experience in Infrastructure as code tooling, preferably Terraform and Ansible
• Basic knowledge of relational databases, e.g., Oracle, SQL Server and PostgreSQL
• Strong interpersonal, communication and teaching skills
• Strong analytical skills
• Passion for excellence and willing to become a key team player
• Ability to multi-task, self-direct, manage deadlines and team-oriented
• Fluent in English, French is an asset
• Bachelor's degree in Information Technology, Computer Science, or a related field.

Nice To Haves

• Active security industry certifications such as OSCP as a strong advantage.
• Experience with Pentest is a plus
• Relevant professional certifications (CISSP, CISM, CISA, etc.) are strongly preferred.

Responsibilities

• Collaborate with cross-functional teams to integrate state of the art security controls at every step from design, development, quality assurance to maintenance of systems
• Discover, assess and report vulnerabilities and escalate issues if needed
• Review, identify weaknesses and propose improvements in architectures and systems designs
• Develop and promote best security practices, design and architecture patterns to engineering teams
• Analyze findings from different tools, pen tests and support DevSecOps pipelines development
• Develop and maintain tools/scripts to help teams to achieve secure coding practices
• Collaborate with Product Owners and business stakeholders to prioritize and assess security related tasks
• Monitor latest industry security developments, analyze impact, and work with teams to mitigate risks
• Manage the SOC 2 Type II audit process for infrastructure systems, collaborating with both internal teams and external auditors.
• Maintain expert knowledge of our systems infrastructure, ensuring it meets SOC 2 Type II compliance requirements and other regulatory standards.
• Develop, implement, and maintain procedures and policies to ensure system compliance with SOC 2 Type II and other applicable regulations.
• Communicate effectively with stakeholders, auditors, and team members regarding compliance matters and audit processes.
• Manage remediation efforts to address any identified system vulnerabilities or issues.
• Provide training and guidance on compliance matters to other team members.
• Conduct regular security assessments of applications, identifying vulnerabilities and taking appropriate mitigation measures.
• Participate in incident response and cyber security investigations.