CAN - IT - Security Specialist IV
Location: Toronto, ON
Onsite Flexibility: Hybrid 2 days on-site, 3 days work from home (with potential to move to 4 days in office); anchor days are Wednesday and Friday
Contract Details
- Position Type: Contract
- Contract Duration: 4 months (with possibility of extension and conversion based on business needs and performance)
- Pay Rate: C$70.00 to C$85.00 / Hour (CAD)
- Shift / Schedule: Monday to Friday, core business hours; 37.5 hours per week, 7.5 hours per day; no overtime; no rotation
- Travel Requirements: Not required
Job Summary
We are looking for a detail-oriented Cloud Security and AI Test Engineer to join our team. This individual will focus on automating and validating Compliance-as-Code (CaC) policies across multi-cloud environments including GCP, Azure, and AWS. In this role you will blend your expertise in cloud security with advanced AI tools to enhance compliance, security, and test automation, ensuring continuous validation within multi-cloud environments.
Key Responsibilities
Automated Testing for Cloud Policies
- Design, develop, implement, and maintain AI-driven automated test frameworks for the behavior of existing Compliance-as-Code policies across cloud environments (GCP/AWS/Azure) in alignment with banking regulations
- Implement AI-driven test environments using Azure Foundry and Azure ML to create realistic, mock cloud setups, including network and IAM configurations to simulate and test policies effectively
- Utilize Azure AI Search, Azure OpenAI, and Azure Machine Learning to build intelligent validation routines that can predict policy compliance issues and recommend remediation steps
- Develop comprehensive positive, negative, and edge/exception test cases to validate policy enforcement logic
- Maintain a test suite library and ensure traceability between compliance requirements, validation cases, and artifacts
- Collaborate with CaC policy developers, security architects, and Cloud Service Owners to understand intended behavior and failure conditions
Continuous Testing & CI/CD Integration
- Integrate AI-assisted compliance validation into CI/CD pipelines, GitHub Actions, and GitHub Workflows using GitHub Copilot for scripting efficiencies and M365 Copilot Studio for creating streamlined policy validation templates
- Automate security scanning and validation of Terraform deployments with Python
- Validate the enforcement of banking cloud security policies by embedding automated compliance checks into DevSecOps workflows and actions
Cloud Security and Regulatory Compliance Enforcement
- Work closely with security, DevSecOps teams, and Cloud Compliance governance teams to define and enforce cloud security controls in accordance with regulatory mandates
- Validate cloud resource configurations against financial industry standards (NIST, ISO 27001, SOC 2)
Reporting & Audit Readiness
- Implement/test logging and monitoring solutions to detect compliance violations in real time
- Automate/validate the generation of compliance reports and dashboards using tools like SonarQube, Wiz.IO, Splunk, Dynatrace, and AppOmni
- Ensure that all TD Standards & STIG requirements for IaaS, PaaS, SaaS CaC development, and testing activities are traceable and auditable for internal risk assessments and external regulatory audits
Required Skills
- 8 years in Cloud Security, DevSecOps, AI, or Cloud Engineering roles
- 3 years of Technical Lead experience
- Strong knowledge of GCP, Azure, and AWS
- Jira and Confluence experience
- Proficient in Python
- CI/CD pipelines
- Proficient in Terraform
- Strong communication skills (written and verbal)
- Strong interpersonal skills
- Self-motivated, well organized, able to work both independently and in a team environment
- Attention to detail; self-starter and adaptable
Preferred Skills
- Cloud or DevSecOps engineering certifications
- Experience with container security and Kubernetes policy enforcement
- Hands-on experience with HashiCorp Sentinel, Azure Policy, Wiz Policy, GCP Org Policy, and Open Policy Agent, Kubernetes
- Cloud infrastructure as code experience with Helm, ARM, JSON, YAML, REGO
- Prior banking or financial institution experience
Education Requirements
- Degree or Diploma required; Master's or PhD preferred
- Cloud or DevSecOps engineering certification is an asset
Required Experience
- Minimum 8 years of experience in Cloud Security, DevSecOps, AI, or Cloud Engineering roles
- Minimum 3 years of Technical Lead experience
Important Notes
- Candidates must be available for an in-person interview if selected for the second round. Inability to attend in person is a hard disqualifier; do not apply if you cannot attend an in-person interview.
- The interview process consists of 2 steps: a virtual interview followed by a 1-hour in-person technical interview.
About the Client
This client is one of North America's largest financial services institutions and the sixth-largest bank on the continent by branches, serving approximately 22 million customers across Canada, the United States, Europe, and the Asia-Pacific region. Headquartered in Toronto, Ontario, it operates a full-service financial platform spanning personal and commercial banking, wealth management, insurance, and payment solutions, delivered through a team of over 85,000 employees worldwide. Teams here span retail banking advisors, commercial lenders, wealth management professionals, risk analysts, and technology specialists, including roles in cloud security, DevSecOps, and AI engineering, making it an exceptional environment for professionals seeking a globally respected organization with a genuine focus on inclusion and career development.
About GTT
GTT is a minority-owned staffing firm and a subsidiary of Chenega Corporation, a Native American-owned company in Alaska. We highly value diverse and inclusive workplaces and support Fortune 500 organizations across banking, financial services, technology, life sciences, biotech, utilities, and retail sectors throughout the U.S. and Canada.
Job Number: 26-08309