BDO is a firm built on a foundation of positive relationships with our people and our clients. Each day, our professionals provide exceptional service, helping clients with advice and insight they can trust. In turn, we offer an award-winning environment that fosters a with a high priority on your personal and professional growth.
BDO Canada's Cloud Security Engineering Advisory team focuses on protecting cloud-first and hybrid organizations through modern security architectures, data protection, identity-centric controls, and continuous security operations. We work across Microsoft, AWS, and Google Cloud ecosystems and align security outcomes to business risk, regulatory expectations, and operational maturity. We are seeking a replacement Cloud Security Senior Consultant who combines strong technical depth with client-facing maturity, modern security thinking, and a proactive, ownership-driven mindset.
Lead and deliver cloud security assessments, architecture reviews, and implementation engagements across Azure, AWS, and GCP.
Design and implement Zero Trust–aligned security architectures covering identity, device, application, data, and infrastructure layers.
Advise clients on data protection and information governance, including classification, labeling, encryption, retention, and eDiscovery considerations.
Implement and optimize identity and access management capabilities, including Entra ID, Conditional Access, MFA, Privileged Identity Management (PIM), and workload identities.
Design and implement cloud-native security controls across:
Cloud posture management (CSPM)
Workload protection (CWPP)
Logging, monitoring, and threat detection
Support secure adoption of AI and GenAI workloads, including data exposure risk, identity boundaries, and model access controls.
Translate security risks into clear, business focused recommendations for both technical and executive audiences.
Contribute to proposals, statements of work, and client roadmaps, including effort estimation and solution shaping.
Identify and implement automation opportunities using infrastructure-as-code and security tooling.
Mentor junior consultants and contribute to internal standards, frameworks, and reusable assets.
Work with multiple cloud service providers including Amazon Web Services, Microsoft Azure and Google Cloud Platform, and various security vendors to understand their solution offerings and advise clients on appropriate technologies and architectures, based on their needs.
3 to 5 years of relevant work experience in cloud security, including identity and access management, logging and monitoring, data security and cloud reference architecture
College Diploma or University Degree in Cyber Security, Information Security, or Computer Science
Advanced certification in one or more cloud service platforms
Hands-on experience in cloud security, cybersecurity consulting, or security engineering.
Strong understanding of cloud security domains including identity, data protection, logging, monitoring, and architecture.
Experience conducting security assessments and translating findings into actionable recommendations.
Familiarity with industry frameworks and standards such as:
NIST (CSF, SP 800-53, Cloud Reference Architecture)
CIS Critical Security Controls
Cloud Security Alliance CCM
OWASP Top 10
Ability to clearly communicate complex technical concepts to diverse audiences.
Experience working in consulting or client-facing delivery roles.
Successful candidates will have experience or strong exposure to several of the following areas:
Cloud & Platform Security
Microsoft Azure, AWS, and/or Google Cloud security services
Secure landing zones and cloud reference architectures
Infrastructure-as-Code (Bicep, Terraform, ARM, CloudFormation)
DevSecOps concepts, CI/CD pipeline security, and secrets management
Data Protection & Information Security
Microsoft Purview (Information Protection, DLP, eDiscovery, Insider Risk)
Data classification, labeling, and encryption strategies
Data Loss Prevention across cloud services and endpoints
Secure collaboration and third-party data sharing controls
Identity & Zero Trust
Microsoft Entra ID (formerly Azure AD)
Conditional Access, MFA, phishing-resistant authentication
Privileged Identity Management (PIM) and Just-in-Time access
Identity governance and lifecycle automation
AI & Emerging Technology Security
Securing Copilot, GenAI, and AI-enabled workloads
Data leakage risks in AI-assisted environments
Governance and access controls for AI services
Advanced certification in one or more cloud service platforms (one of more preferred):
Azure Security Engineer, SC-series certifications
AWS Security Specialty
CISSP, CCSP, CISM
The expected range of compensation for this role is $84,000 - $128,000 annually.