Cloud Security Engineer
Apply NowCompany: CapServCo Limited Partnership
Location: Toronto, ON M4E 3Y1
Description:
Who we are
You know those big cities that still feel like small towns? Where everyone's friendly and helps each other out? That's like Doane Grant Thornton. Except here we're all professionals and there isn't a mayor or a general store. What we're trying to say is that we're a large and growing professional services firm that still feels like a community. We employ over 3000 people across Canada, and we truly care about our colleagues, our clients and the communities where we work and live. That's what's most important to us. We're building a thriving organization that's purpose driven and still want to remember what your favourite milkshake flavour is.
Our special culture shines through when we have the opportunity to connect in person. That's why we're working in a model where teams are required to be together in the office 4 days per week.
As a Cloud Security Engineer your responsibilities will include:
Serve as an Information Security Advisor to various lines of business by providing subject matter expertise related to new services, products, and projects
Assess applications, infrastructure, business units, business processes, and external suppliers for information security risks, identifying potential threats and exposures
Conduct security reviews of planned initiatives across the organization and produce high-quality Threat Risk Assessment reports that clearly articulate risks
Demonstrate and apply strong project management, documentation, and communication skills
Serve as the subject matter expert on several production security technologies, staying abreast of emerging security support technologies and industry trends
Assist team lead with interpret requirements documents, architecture diagrams, solution designs, and other written and verbal information to determine if a project, application, infrastructure, or external supplier presents a security risk to DoaneGT
Provide recommendations to development and operational teams to address security weaknesses and identify potential new security solutions
Coordinate with Learning & Development on staff security training program
Conduct email phishing simulation testing and report analytics
Work with team lead on quarterly privileged access reviews and remediation workplans
Coordinate the annual IT Audit exercise with internal and external auditors
Responding to the client security questionnaires
Assist with other cybersecurity-related tasks
Additionally, you will:
Assist in security and architecture reviews, understand engineering stacks, services, and data flows
Assist in design, implement, automate, and document security solutions and processes for Microsoft Azure, SaaS applications, and other cloud platforms
Deploy security solutions in cloud environments, including Microsoft Azure and M365
Assist and train team members in the use of cloud security tools and resolution of security issues
Research and maintain an extensive knowledge base of current cloud technology advancements, trends, and directions, identifying potential threats and exposures
Assist in investigating and remediating security incidents and issues
Create and support KPIs and KRIs that measure risk reduction and progress over time in the cloud
Help governance, compliance, and risk management teams ensure the system consistently meets cybersecurity requirements
Act as a mentor across teams to enable a best-of-breed approach to cloud security and cloud management
Protect systems from data breaches at all times
Monitor, operate, and improve system uptime, performance, high availability, and disaster recovery readiness
Collaborate with other operational and development teams during triage and resolution of operational issues
Assist with other cybersecurity-related tasks
Deploy, monitor and fine-tune SIEM solutions, threat hunting, security event analysis, and forensic investigations
Deploy, monitor and manage vulnerability solutions
Manage and monitor security Web Broker cloud access solutions
Working closely with DevOps team and taking a lead from Team Lead on security pen testing of the code
Doane Grant Thornton
If you're a bit like us, you're driven to connect with how others are feeling and thinking. Here we walk in others shoes before taking action. Just imagine being part of a team that puts "we before me", where flexAbility is a mindset, and where you trust your colleagues to have your back. At Doane Grant Thornton, you'll work with inspiring leaders who support your development, both personally and professionally. This is a place where your insatiable curiosity enables you to think, see and hear from a variety of perspectives, a place where every day is different and having the courage to grow is part of who you are. And when all this comes together, well that's when the magic happens!
Want to learn more about who we are and how we live our purple every day? Read our colleagues' stories at www.discoveryourpurple.ca
Think you've got what it takes to be a Cloud Security Engineer? Like the colour purple? Great. Here's a few more boxes we're also hoping you can tick:
Bachelor's degree in engineering, computer science, information systems, business, or other related major
3 years of information security consulting and advisory experience
CompTIA Security , CompTIA Network or GIAC Security Essentials (GSEC)
CISSP, CCSP, CRISC, Ethical Hecker is an asset
5 years of experience with Microsoft Azure Cloud Platform
5 years of experience with Microsoft AAD, M365, and Endpoint Manager
3 years of experience with Endpoint solutions (Microsoft Defender)
Experience with ERM/GRC tools, threat assessments, and security testing methodologies
Working knowledge of security standards including ISO 27001 and NIST 2.0
Must have CISSP with CISA, CRISC, GIAC, or similar certification considered an asset
Strong initiative, analytical, and critical thinking skills
Understanding of networking and developing working relationships with various key stakeholders
Solid business and technical acumen
Experience in developing security metrics, KRIs, and KPIs for leadership
Ability to synthesize information into succinct, concise, and logical summaries and reports
Ability to work with teams to achieve goals and meet deadlines in a fast-paced environment
Capability to work under pressure with time constraints and prioritize competing priorities appropriately
Knowledge of Microsoft M365 services including Exchange Online; familiarity with Mimecast is preferred
Knowledge of Microsoft Azure policy configurations for security modules such as Defender, Conditional Client Access, Application Protection Policy, etc.
Familiarity with IT auditing tools
At Doane Grant Thornton we're focused on making a difference in the lives of our clients, our colleagues and our communities. That's our purpose. Or, as we like to say, living our purple.
What's in it for you?
Profit sharing, Flex days, RRSP contributions, Firmwide holiday closure, Wellness benefits, Concierge-like benefits, Work from anywhere in Canada in the summer for 4 weeks, and more!
Are you ready to Discover Your Purple?
#LI-Onsite
You know those big cities that still feel like small towns? Where everyone's friendly and helps each other out? That's like Doane Grant Thornton. Except here we're all professionals and there isn't a mayor or a general store. What we're trying to say is that we're a large and growing professional services firm that still feels like a community. We employ over 3000 people across Canada, and we truly care about our colleagues, our clients and the communities where we work and live. That's what's most important to us. We're building a thriving organization that's purpose driven and still want to remember what your favourite milkshake flavour is.
Our special culture shines through when we have the opportunity to connect in person. That's why we're working in a model where teams are required to be together in the office 4 days per week.
As a Cloud Security Engineer your responsibilities will include:
Serve as an Information Security Advisor to various lines of business by providing subject matter expertise related to new services, products, and projects
Assess applications, infrastructure, business units, business processes, and external suppliers for information security risks, identifying potential threats and exposures
Conduct security reviews of planned initiatives across the organization and produce high-quality Threat Risk Assessment reports that clearly articulate risks
Demonstrate and apply strong project management, documentation, and communication skills
Serve as the subject matter expert on several production security technologies, staying abreast of emerging security support technologies and industry trends
Assist team lead with interpret requirements documents, architecture diagrams, solution designs, and other written and verbal information to determine if a project, application, infrastructure, or external supplier presents a security risk to DoaneGT
Provide recommendations to development and operational teams to address security weaknesses and identify potential new security solutions
Coordinate with Learning & Development on staff security training program
Conduct email phishing simulation testing and report analytics
Work with team lead on quarterly privileged access reviews and remediation workplans
Coordinate the annual IT Audit exercise with internal and external auditors
Responding to the client security questionnaires
Assist with other cybersecurity-related tasks
Additionally, you will:
Assist in security and architecture reviews, understand engineering stacks, services, and data flows
Assist in design, implement, automate, and document security solutions and processes for Microsoft Azure, SaaS applications, and other cloud platforms
Deploy security solutions in cloud environments, including Microsoft Azure and M365
Assist and train team members in the use of cloud security tools and resolution of security issues
Research and maintain an extensive knowledge base of current cloud technology advancements, trends, and directions, identifying potential threats and exposures
Assist in investigating and remediating security incidents and issues
Create and support KPIs and KRIs that measure risk reduction and progress over time in the cloud
Help governance, compliance, and risk management teams ensure the system consistently meets cybersecurity requirements
Act as a mentor across teams to enable a best-of-breed approach to cloud security and cloud management
Protect systems from data breaches at all times
Monitor, operate, and improve system uptime, performance, high availability, and disaster recovery readiness
Collaborate with other operational and development teams during triage and resolution of operational issues
Assist with other cybersecurity-related tasks
Deploy, monitor and fine-tune SIEM solutions, threat hunting, security event analysis, and forensic investigations
Deploy, monitor and manage vulnerability solutions
Manage and monitor security Web Broker cloud access solutions
Working closely with DevOps team and taking a lead from Team Lead on security pen testing of the code
Doane Grant Thornton
If you're a bit like us, you're driven to connect with how others are feeling and thinking. Here we walk in others shoes before taking action. Just imagine being part of a team that puts "we before me", where flexAbility is a mindset, and where you trust your colleagues to have your back. At Doane Grant Thornton, you'll work with inspiring leaders who support your development, both personally and professionally. This is a place where your insatiable curiosity enables you to think, see and hear from a variety of perspectives, a place where every day is different and having the courage to grow is part of who you are. And when all this comes together, well that's when the magic happens!
Want to learn more about who we are and how we live our purple every day? Read our colleagues' stories at www.discoveryourpurple.ca
Think you've got what it takes to be a Cloud Security Engineer? Like the colour purple? Great. Here's a few more boxes we're also hoping you can tick:
Bachelor's degree in engineering, computer science, information systems, business, or other related major
3 years of information security consulting and advisory experience
CompTIA Security , CompTIA Network or GIAC Security Essentials (GSEC)
CISSP, CCSP, CRISC, Ethical Hecker is an asset
5 years of experience with Microsoft Azure Cloud Platform
5 years of experience with Microsoft AAD, M365, and Endpoint Manager
3 years of experience with Endpoint solutions (Microsoft Defender)
Experience with ERM/GRC tools, threat assessments, and security testing methodologies
Working knowledge of security standards including ISO 27001 and NIST 2.0
Must have CISSP with CISA, CRISC, GIAC, or similar certification considered an asset
Strong initiative, analytical, and critical thinking skills
Understanding of networking and developing working relationships with various key stakeholders
Solid business and technical acumen
Experience in developing security metrics, KRIs, and KPIs for leadership
Ability to synthesize information into succinct, concise, and logical summaries and reports
Ability to work with teams to achieve goals and meet deadlines in a fast-paced environment
Capability to work under pressure with time constraints and prioritize competing priorities appropriately
Knowledge of Microsoft M365 services including Exchange Online; familiarity with Mimecast is preferred
Knowledge of Microsoft Azure policy configurations for security modules such as Defender, Conditional Client Access, Application Protection Policy, etc.
Familiarity with IT auditing tools
At Doane Grant Thornton we're focused on making a difference in the lives of our clients, our colleagues and our communities. That's our purpose. Or, as we like to say, living our purple.
What's in it for you?
Profit sharing, Flex days, RRSP contributions, Firmwide holiday closure, Wellness benefits, Concierge-like benefits, Work from anywhere in Canada in the summer for 4 weeks, and more!
Are you ready to Discover Your Purple?
#LI-Onsite