Sr. Information Security Engineer

About The Position

Requirements

• 5+ years of hands-on experience as an Information Security Engineer or in a similar technical security role.
• Demonstrated technical proficiency in AWS security best practices and securing cloud SaaS products.
• Direct, operational experience with endpoint management tools.
• Hands-on experience with cloud security posture management (CSPM) tools.
• Proficiency in configuring and utilizing SIEM tools for log analysis, alert tuning, and threat detection.
• Working knowledge of technical security controls required for compliance frameworks (e.g., SOC 2, GDPR).
• Experience in conducting technical vulnerability assessments and penetration test coordination.
• Proven ability to triage and respond effectively to security alerts and incidents.
• Strong collaboration, problem-solving, and written/verbal communication skills.
• Ability to manage competing priorities and thrive in a fast-paced, dynamic environment.

Nice To Haves

• Relevant technical security certifications (e.g., Security+, AWS Certified Security - Specialty, OSCP).
• Experience with scripting languages (e.g., Python, Bash) for security automation.
• Familiarity with DevSecOps practices and integrating security tooling into CI/CD pipelines.
• Prior experience in a FinTech or a fast-paced, product-centric environment.

Responsibilities

• Implement and maintain information security policies, standards, and procedures.
• Collaborate with the DevOps team to implement, configure, and operate security controls within our AWS infrastructure and cloud SaaS products.
• Execute and maintain day-to-day security operations, including endpoint management using tools like CrowdStrike, JAMF, and Kaseya.
• Utilize and operate Wiz.io for cloud security posture management and continuous vulnerability scanning.
• Configure, monitor, and analyze security events in our SIEM tool, SumoLogic, for log analysis and threat detection.
• Support the Due Diligence Questionnaire process by contributing technical details and documentation for client and prospect inquiries.
• Serve as a security subject matter expert to internal teams, providing technical depth to articulate Canoe's security posture.
• Execute technical tasks necessary to maintain compliance with relevant industry regulations and standards (e.g., SOC 2, GDPR).
• Conduct technical security risk assessments and vulnerability assessments on systems and applications.
• Triage and respond to security incidents, assisting in incident response efforts.
• Partner with engineering and product teams to integrate security tools and practices into the development lifecycle (DevSecOps).
• Contribute to the creation and delivery of internal security awareness materials and training.

Benefits

• Medical, dental, vision benefits
• Flexible PTO
• 401(k)
• Flexible work from home policy
• Home office stipend
• Employee Assistance Program
• Gym/Wifi reimbursement
• Education assistance
• Parental Leave