Senior Security Engineer

About The Position

Requirements

• 8+ years of experience in security engineering, application security, cloud security, or related disciplines, with hands-on experience securing production environments.
• Deep expertise in application security and vulnerability management, including SAST, DAST, SCA, penetration testing, and secure code review.
• Experience integrating security tooling into CI/CD pipelines and DevSecOps workflows.
• Proficiency in at least one scripting language (Python, Go, or equivalent), with experience building and automating security tooling.
• Hands-on cloud security experience in AWS or GCP.
• Experience with SIEM platforms, detection engineering, incident investigation, and security operations.
• Strong understanding of IAM, including SSO, MFA, RBAC, PAM, and identity threat detection.
• Knowledge of OWASP Top 10, secure development practices, software supply chain security, and SBOMs.
• Comfortable leveraging AI-powered tools and adapting to emerging security technologies.
• Strong communication, ownership, and problem-solving skills, with the ability to influence technical and non-technical stakeholders.
• Familiarity with security and compliance frameworks such as SOC 2, ISO 27001, NIST CSF, and MITRE ATT&CK/ATLAS.
• Bachelor's degree in Information Security, Computer Science, Engineering, or equivalent practical experience.
• Candidates must undergo a criminal records check upon hire
• Be a Canadian Citizen (dual citizens included), or eligible to work in Canada
• Be willing to comply with Solink’s own security policies and standards.

Nice To Haves

• Security certifications such as CISSP, CCSP, GSEC, GCIH, or AWS/GCP Security Specialty.
• Experience with Kubernetes, container security, and cloud security posture management.
• Experience securing AI-enabled systems, AI governance, or AI-specific security risks and frameworks.
• Familiarity with LLM-based security tools, autonomous vulnerability discovery, or bug bounty programs.
• Experience supporting compliance automation, GRC initiatives, customer trust programs, or security assurance efforts.
• Success working on small, high-impact security teams with broad ownership across multiple domains.

Responsibilities

• Triage and coordinate remediation of vulnerabilities across SAST, SCA, DAST, CSPM, external reconnaissance, security advisories, and bug reports
• Own the SAST, DAST, and SCA technical stack end-to-end including configuration, execution, triage, and reporting across Solink's technology stack
• Lead Solink's shift-left security program by embedding security guardrails, automated checks, and developer tooling into IDEs and CI/CD pipelines to identify issues early and drive adoption across teams
• Leverage AI-powered security tools and modern techniques for vulnerability discovery and triage, combining them with practical experience and traditional security tooling.
• Develop scalable practices, automation workflows, and documentation that raise the security bar across the organization
• Participate in architecture reviews and threat modeling exercises, providing security and compliance guidance across product-engineering and corporate systems.
• Conduct source code and whitebox security assessments, providing actionable recommendations to improve security posture
• Support incident response activities, including investigation, containment, recovery, and post-incident reviews.
• Contribute to threat hunting and red team exercises across AWS, Kubernetes, and other cloud environments.
• Support compliance initiatives, evidence collection, audit readiness and the ongoing automation of compliance processes.
• Help teams adopt AI tools securely by contributing to AI threat modeling, implementing appropriate controls, and addressing emerging AI-related risks.
• Partner with IT Services and corporate stakeholders on endpoint security, EDR, and broader security operations initiatives.
• Execute penetration tests for web, mobile, and API applications.

Benefits

• Fully paid health & dental (no waiting period)
• $500 health spending account
• Monthly reimbursement for fitness, wellness, or mental health programs
• Meaningful equity