Security Advisor – ISAM
Intact
AnsibleCyber SecurityDockerKubernetesPython
Staff Security Engineer
EvenUp
full-time
Posted on:
Location Type: Hybrid
Location: Toronto • 🇨🇦 Canada
Visit company websiteSalary
💰 CA$106,800 - CA$232,000 per year
Job Level
Lead
Tech Stack
CloudCyber SecurityDNSNode.jsPythonRuby
About the role
- Identify and address security risks through thorough assessments and mitigation strategies.
- Ensure the secure coding of the platform and implement measures to protect against unauthorized access and data breaches.
- Develop and execute plans to respond to security incidents, conducting forensic analysis and implementing preventive measures.
- Ensure EvenUp systems comply with regulations and industry standards, addressing ethical concerns and promoting transparency.
- Establish real-time monitoring systems to detect and respond to security threats, conducting regular assessments.
- Assess and secure third-party components integrated into our systems to prevent vulnerabilities.
- Provide training to enhance the team's security awareness and foster a security-conscious culture.
- Maintain documentation of security protocols, incidents, and improvements, and communicate regular reports to stakeholders
Requirements
- 10+ years of implementation experience in a security-focused role with an emphasis on hands-on secure technical architecture and implementation work, and oversight in a team setting (e.g., conducting solution security reviews)
- Proven expertise in SAST/DAST, application security, and CI/CD pipeline integration
- Deep understanding of AI-specific threats — prompt injection, model poisoning, membership inference, adversarial perturbation, and output manipulation
- In-depth knowledge and implementation experience of information security principles, policy enforcement, operating systems, web application security, and a high-level of familiarity with malicious code uses, OWASP Top 10, and common techniques used by hackers
- Experience with designing and implementing next-generation security technologies, such as SASE, CASB, or RASP
- Hands-on experience with application patch management, software supply chain security, or artifact repositories like JFrog and Snyk
- Strong fluency in at least one programming or scripting language: Python, Ruby, NodeJs
- Cybersecurity certification (e.g. CISSP, CISM, CISA, CRISC, GIAC or other relevant certification)
- Up-to-date knowledge and regular monitoring of the evolution of technologies and vulnerabilities to identify the solutions and measures necessary to secure cloud computing applications and ecosystems
- Hands-on and in-depth experience with application and infrastructure-level design security including modern mitigation techniques and good practices (e.g., DNS-SEC, OWASP Top 10 mitigations, cryptographic fundamentals etc.)
- Strong hands-on skills with creating automations using Python
Benefits
- Choice of medical, dental, and vision insurance plans for you and your family
- Additional insurance coverage options for life, accident, or critical illness
- Flexible paid time off, sick leave, short-term and long-term disability
- 10 US observed holidays, and Canadian statutory holidays by province
- A home office stipend
- 401(k) for US-based employees and RRSP for Canada-based employees
- Paid parental leave
- A local in-person meet-up program
- Hubs in San Francisco and Toronto
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
secure codingSASTDASTapplication securityCI/CD pipeline integrationinformation security principlesweb application securityapplication patch managementPythonautomation
Soft skills
team oversightsecurity awareness trainingcommunication
Certifications
CISSPCISMCISACRISCGIAC
