Sr Cyber Security Engineer
Company: Haventree Bank
Location: Toronto, ON M4E 3Y1
Description:
Haventree Bank is a private Canadian Schedule 1 bank specializing in alternative mortgage programs and insured GIC deposits. We help hardworking Canadians from coast-to-coast achieve homeownership by offering flexible mortgage solutions. Our insured GIC deposits offer competitive rates and are available through a variety of wealth management platforms.
About Haventree Bank
Headquartered in Toronto, Ontario, Haventree Bank (Haventree) is a mission-driven alternative mortgage lender. The name Haventree is representative of the bank's mission to help its customers find a place of refuge and to lay down new roots for the future. Haventree exists to be a catalyst of financial security and upward mobility for Canadians who are underserved by the traditional financial system.
Position Summary:
Reporting to the Director, Information Security, the Senior Cyber Security Engineer plays a critical role in ensuring our customer-facing applications are secure at every stage of the SDLC. They will leverage their expertise in cloud security, CI/CD tools, and application security testing to assess and improve the overall security posture of our platforms. The ideal candidate will bridge the gap between development, operations, and security teams to guarantee security is embedded into every stage of our software delivery pipeline.
While we thank everyone for their interest in Haventree Bank, please note that only candidates selected for an interview will be contacted. Haventree Bank is committed to providing accommodation when needed. If you require an accommodation, we will work with you to meet your needs.
As a job candidate, our recruitment process includes collecting personal information. Please click the link here to review our Privacy Policy: Privacy Statement | Haventree Bank.

Stay in touch with us: if this position is not the right one for you, please click on this link for other roles at Careers | Haventree Bank, or follow us on LinkedIn at www.linkedin.com/company/haventree-bank/

Haventree Bank embraces equal opportunity, diversity, and inclusion. Please let us know if you require any accommodations during the recruitment and selection process by contacting accessibility@haventreebank.com
Major Duties & Responsibilities:
- Review and assess existing CI/CD pipelines for security best practices, making recommendations for improvements, and monitoring for compliance.
- Lead and support development efforts for Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) for both web and mobile applications. Confirm security vulnerabilities are identified and remediated early in the development lifecycle.
- Review and advise on cloud infrastructure security best practices for Azure (preferred) or AWS environments. Ensure configurations are secure and compliant with internal and regulatory standards.
- Review and enhance security configurations for our Customer Identity and Access Management (CIAM) platform, ensuring secure access and compliance with privacy regulations.
- Work closely with development and DevOps teams to provide security recommendations and guidance to guarantee that security is integrated seamlessly into the development lifecycle.
- Monitor applications and systems for compliance with internal and external regulatory requirements. Verify that the organization's security posture aligns with industry standards and best practices (e.g., OWASP, NIST, CIS, etc.).
- Develop roadmaps and recommendations to drive enhancements to cloud security architecture, governance, and standards. Identify, incorporate, and articulate cloud security best practices such as DevSecOps strategy, Zero Trust design, and cloud incident response.
- Perform security reviews and maturity assessments across technology and business teams to address cyber risk. Provide clear and organized risk findings and recommendations to business teams.
- Stay updated with the latest security threats, trends, and technologies to ensure the organization is proactive in identifying and mitigating security risks.
Qualifications & Experience:
Degrees, Diplomas & Certifications:
- Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience.
- Desirable certifications: relevant security certifications such as CCSP, CEH, OSCP, Azure Security Engineer Associate, AWS Certified Security Specialty, CISSP.
Years and Range of Experience Required to Perform the Job:
- Minimum of 5+ years of experience in cloud security, with at least 2 years of direct experience in a Senior Security Engineering role focused on cloud platforms and development pipelines.
- Extensive Experience with CI/CD Tools: Strong knowledge and hands-on experience with platforms such as GitHub, GitHub Actions, Terraform, SonarCloud, Snyk, and related toolsets.
- Cloud Security Expertise: In-depth experience working with Azure security configurations (preferred) or AWS, ensuring compliance and security best practices in cloud infrastructure.
- Application Security: Proven expertise in DAST and SAST for mobile and web applications, with a strong understanding of how to integrate these into CI/CD pipelines.
- API Security: Strong understanding of API security principles and best practices, with hands-on experience in assessing third-party API integrations.
- Identity & Access Management: Expertise in Auth0 or similar IAM solutions, with a focus on customer identity and access management security.
- Threat Intelligence & Security Operations: Experience designing, building, and maintaining a cloud-native SIEM (Security Information and Event Management) solution like Microsoft Sentinel, focusing on security monitoring, threat detection, incident analysis, and automation.
- Development & Security Mindset: A solid foundation in software development practices, with the ability to assess code for security vulnerabilities and best practices.
- Collaboration & Communication Skills: Ability to work effectively with cross-functional teams, translating complex security concepts into actionable insights for developers and non-technical stakeholders.
- Knowledge of common security frameworks and standards (OWASP, NIST, CIS, etc.).
- Familiarity with financial industry regulatory and compliance standards (e.g., PIPEDA, OSFI, SOC 2).