We’re looking for a Senior Security Engineer to manage the security of our R&D operations and production application. You’ll plan and execute security initiatives directly and in collaboration with other teams. You’ll take ownership of our security practices and the vision going forward, with the support of our exec team down through Engineering leadership.

We take a DevOps approach to delivery and production ownership. This applies to our security strategy as well: Working alongside the Staff Engineer, Information Security, you’ll manage security projects as well as lead the way the rest of the department manages security for their respective application domains.

This role can be hybrid out of our Toronto office, or fully remote, anywhere in Canada.

You will:

• Design, implement, and maintain security systems and solutions with AWS and GitHub

• Conduct security assessments, evaluate penetration test results, and validate incoming bug bounty submissions from our Vulnerability Disclosure Program

• Understand and recommend security policies and procedures as needed

• Respond to security incidents and provide post-incident analysis

• Stay up-to-date with the latest security trends and threats

• Mentor junior security engineers

• Understand and apply Threat Modelling

You are:

• 5+ years of experience in information security.

• 3+ Experience with scripting languages (e.g., Python, Bash)

• 3+ Experience with AWS

• 3+ Experience with Terraform

• Experience with security tools such as SIEM, IDS/IPS, and vulnerability scanners

• Excellent problem-solving and communication skills

• Familiarity with GitHub Advanced Security

• Strong knowledge of network security, application security, and cloud security

• Strong knowledge of Linux and networking

• Previous experience working in IT operations on-prem and/or cloud infrastructure

• Experience with security frameworks and compliance standards, including NIST SP 800-53, ISO 27001, and SOC 2

Nice to have:

• Bachelor's degree in Computer Science, Information Security, or a related field

• Industry certifications (e.g., CISSP, CISM, OSCP, AWS Certified Security).

• Previous experience with AWS services

  • SecurityHub, GuardDuty, Trusted Advisor

  • Control Tower, Organizations, Config

  • Lambda

  • Athena

Why team members love working at Top Hat:

• A noble mission that creates meaningful, fulfilling work

• A team that cares deeply for customers and for each other

• Flexible, remote first work environment

• Professional learning and development for all role levels

• An awesome and welcoming Toronto HQ

• Competitive health benefits that start on day one

• A management team focused on performance, growth, engagement and connection

• Our winning strategy and market potential

• Innovative PTO policy with lots of time and space for self-care

• Passionate customers that believe in us—and what we do

• A chance to work with new tech like generative AI—and see the customer impact