Staff Information Security Engineer
2T Consulting
Ontario, ON
Posted On: Sep 24, 2025
Job Overview
Salary
Depends on Experience
Required Skills
- CISSP
- DevSecOps
- DevOps
- compliance frameworks
- networking
- IAM
- PKI
- TLS
- Linux/Unix
- information security
Job Description
Roles and Responsibilities
- Triage and investigate information security alerts and events; analyze and escalate as necessary.
- Implement and improve operational processes, procedures, and tools to enhance the organization's security posture.
- Lead and support:
  - Periodic access reviews
  - Vulnerability assessments
  - Secure-SDLC activities
  - Third-party security evaluations
  - Security Steering Committee initiatives
  - Penetration testing
  - External audit support (e.g., PCI-DSS, SOC 2)
- Architect and enforce compliance and security in cloud-native and hybrid environments.
- Provide technical guidance on secure architecture, cloud security, and automation.
- Serve as a subject matter expert on secure development and infrastructure practices.
- Work autonomously to drive security initiatives and collaborate across technical and non-technical teams.
- Provide after-hours support for security operations as needed.
Required Qualifications
- Bachelor’s degree in Computer Science, Information Systems, or a related field — or equivalent work experience.
- CISSP certification (with endorsement completed) is required.
- 5+ years of experience in information security, with expertise across at least four CISSP domains.
- Strong background in DevSecOps or Security-focused DevOps.
- Experience with compliance frameworks such as PCI-DSS, SOC 2, ISO 27001, or NIST.
- Proven understanding of defense-in-depth strategies and technical control implementation.
- Expertise in cloud-native technologies including Kubernetes, and experience with major cloud platforms (AWS, GCP, Azure).
- Deep understanding of networking, PKI, TLS, encryption, and IAM.
- Hands-on experience with:
  - Security tools for host and network assessments
  - Vulnerability scanning, CVEs, CVSS, and remediation
  - IAM, RBAC, SSO, and AuthN/AuthZ technologies
- Proficiency in Linux/Unix, Python, and Shell scripting.
- Experience developing and enforcing information security policies and governance procedures.
Preferred Qualifications
- Additional certifications: CISA, CISM, CGRC, or CRISC
- Experience in a leadership or team lead role
- Participation in external audits or regulatory reviews
- Experience driving security automation in CI/CD pipelines
Job ID: 2C250310