Senior Security Engineer

Dominion Dynamics•Ottawa, ON

2d•Onsite

About The Position

This is an early, high-ownership security engineering hire. You'll design and operate the security platform end to end — identity, endpoints, detection, automation, and compliance — for a company where security is a first-class product and customer requirement, not an afterthought. You'll build greenfield, set the standards the rest of the team inherits, and translate demanding compliance obligations into clean, automated engineering. If you want to own a security program from the ground up in a mission-driven defence-tech environment, this is it.

Requirements

5+ years in security engineering, infrastructure security, or a closely related discipline
Deep, hands-on identity & access management experience: building and operating a modern IdP, SSO/SCIM, phishing-resistant MFA, and device trust
Strong infrastructure-as-code skills (Terraform) applied to security tooling
Endpoint security expertise: EDR operations and MDM baseline design across macOS (Windows/Linux a plus)
SIEM / log-pipeline engineering and detection-as-code (version control, testing, CI/CD)
Security automation / SOAR experience and comfort integrating APIs across a diverse stack; proficient scripting (Python or similar)
Working knowledge of security control frameworks (NIST SP 800-171, CMMC/CPCSC, ITSP.10.171) and a track record of turning controls into engineering work
Experience assessing third-party / vendor security and reasoning about data residency and sovereignty in a Canadian context

Nice To Haves

Experience in defence, government, critical infrastructure, or other regulated / high-assurance environments
Eligibility to obtain a Canadian security clearance (Reliability or Secret) — a strong asset as the role grows
Experience securing GenAI/LLM systems and building AI-driven security automation
Exposure to OT, embedded, robotics, or autonomous-systems security
Relevant certifications (OSCP, GIAC, etc.) — valued, not required

Responsibilities

Build and operate our identity platform as infrastructure-as-code (Terraform-managed IdP), including SSO/SCIM integrations across the full application estate
Implement phishing-resistant authentication and device-trust enforcement using hardware security keys (WebAuthn/FIDO2)
Deploy, maintain, and tune endpoint detection & response (EDR) across the device fleet
Design and maintain secure MDM baselines — configuration profiles and policies for all managed endpoints
Integrate our HRIS and IT asset-management systems with identity and endpoint tooling to automate joiner/mover/leaver and full asset-lifecycle workflows
Stand up and refine log-ingestion pipelines into our SIEM / security-analytics platform
Develop detection-as-code capabilities — version-controlled, tested, CI/CD-deployed detections
Design and operate SOAR-driven automation that orchestrates identity, secrets management, the productivity/collaboration suite, security tooling, and custom GenAI/LLM models (managed/self-hosted inference)
Deploy and continuously refine enterprise security controls to counter emerging threats and meet compliance baselines (CPCSC, NIST SP 800-171 / ITSP.10.171)
Ensure every security platform and control satisfies Canadian data-residency requirements
Own third-party/vendor security due diligence and ensure vendors meet our trust and sovereignty requirements