Staff Information Security Engineer

2T Consulting

Ontario, ON

Posted On: Sep 24, 2025

Job Overview

Job Type

Full-time

Experience

10 - 15 Years

Salary

Depends on Experience

Work Arrangement

On-Site

Travel Requirement

0%

Required Skills

  • CISSP
  • DevSecOps
  • DevOps
  • compliance frameworks
  • networking
  • IAM
  • PKI
  • TLS
  • Linux/Unix
  • information security
Job Description
Roles and Responsibilities
  • Triage and investigate information security alerts and events; analyze and escalate as necessary.
  • Implement and improve operational processes, procedures, and tools to enhance the organization's security posture.
  • Lead and support:
    • Periodic access reviews
    • Vulnerability assessments
    • Secure-SDLC activities
    • Third-party security evaluations
    • Security Steering Committee initiatives
    • Penetration testing
    • External audit support (e.g., PCI-DSS, SOC 2)
  • Architect and enforce compliance and security in cloud-native and hybrid environments.
  • Provide technical guidance on secure architecture, cloud security, and automation.
  • Serve as a subject matter expert on secure development and infrastructure practices.
  • Work autonomously to drive security initiatives and collaborate across technical and non-technical teams.
  • Provide after-hours support for security operations as needed.

Required Qualifications
  • Bachelor’s degree in Computer Science, Information Systems, or a related field — or equivalent work experience.
  • CISSP certification (with endorsement completed) is required.
  • 5+ years of experience in information security, with expertise across at least four CISSP domains.
  • Strong background in DevSecOps or security-focused DevOps.
  • Experience with compliance frameworks such as PCI-DSS, SOC 2, ISO 27001, or NIST.
  • Proven understanding of defense-in-depth strategies and technical control implementation.
  • Expertise in cloud-native technologies including Kubernetes, and experience with major cloud platforms (AWS, GCP, Azure).
  • Deep understanding of networking, PKI, TLS, encryption, and IAM.
  • Hands-on experience with:
    • Security tools for host and network assessments
    • Vulnerability scanning, CVEs, CVSS, and remediation
    • IAM, RBAC, SSO, and AuthN/AuthZ technologies
  • Proficiency in Linux/Unix, Python, and shell scripting.
  • Experience developing and enforcing information security policies and governance procedures.

Preferred Qualifications
  • Additional certifications: CISA, CISM, CGRC, or CRISC
  • Experience in a leadership or team lead role
  • Participation in external audits or regulatory reviews
  • Experience driving security automation in CI/CD pipelines

Job ID: 2C250310


Posted By

Shayne

Sr. Recruiter