Location :
Richmond, Hybrid (3 days on-site)
Duration : 12 month contract
Language :
English, professional proficiency in written and spoken communication
About the Opportunity
This is an opportunity to play a hands‑on role in strengthening security across the full software development lifecycle within a collaborative DevSecOps environment. You’ll work closely with DevOps and product teams to embed secure‑by‑design principles into modern applications and cloud platforms, helping protect systems that support critical services.
Operating within a public sector organization, this role offers the chance to balance technical depth with meaningful impact. Your expertise will influence architecture decisions, security tooling, and developer practices, ensuring confidentiality, integrity, and availability are built in from day one, not bolted on later.
What’s in it for You
A hybrid work model that supports balance and consistency
The chance to influence security strategy across enterprise‑scale platforms
Exposure to modern DevSecOps practices, cloud security, and emerging AI security considerations
A collaborative, people‑first environment that values knowledge sharing and mentorship
Your Responsibilities
You’ll lead threat modeling activities to identify and mitigate security risks during design and architecture phases.
In this role, you’ll perform secure code reviews, design reviews, and black‑box and white‑box penetration testing.
You’ll embed SCA, SAST, and DAST tools into CI / CD pipelines and continuously tune them for accuracy and impact.
You’ll create and maintain Azure security policies to support secure cloud deployments.
You’ll manage vulnerability and risk management processes across the full development lifecycle.
You’ll partner with DevOps teams to define security controls, user stories, and best practices.
You’ll deliver secure coding training and support incident response as a security subject matter expert.
Skills and Qualifications
6+ years of progressive experience in security engineering roles
An undergraduate degree in Computer Science or a STEM‑related field
Industry certifications such as CISSP, CEH, or equivalent
Strong expertise in threat modeling, SCA, SAST, DAST, and web application penetration testing
Deep knowledge of security controls across application and infrastructure layers
Working knowledge of AI security design principles and controls
Note from the Hiring Manager
"We’re looking for a security engineer who enjoys working closely with developers and architects, someone who can translate security requirements into practical solutions that teams can actually use."
#J-18808-Ljbffr
Security Engineer • Toronto, Canada