Senior Security Engineer

The Role

This is an early, high-ownership security engineering hire. You’ll design and operate the security platform end to end — identity, endpoints, detection, automation, and compliance — for a company where security is a first-class product and customer requirement, not an afterthought. You’ll build greenfield, set the standards the rest of the team inherits, and translate demanding compliance obligations into clean, automated engineering.

If you want to own a security program from the ground up in a mission-driven defence-tech environment, this is it.

Toronto, On-Site

Head of Security

• Build and operate our identity platform as infrastructure-as-code (Terraform-managed IdP), including SSO/SCIM integrations across the full application estate
• Implement phishing-resistant authentication and device-trust enforcement using hardware security keys (Web Authn/FIDO2)
• Deploy, maintain, and tune endpoint detection & response (EDR) across the device fleet
• Design and maintain secure MDM baselines — configuration profiles and policies for all managed endpoints
• Integrate our HRIS and IT asset-management systems with identity and endpoint tooling to automate joiner/mover/leaver and full asset-lifecycle workflows
• Stand up and refine log-ingestion pipelines into our SIEM / security-analytics platform
• Develop detection-as-code capabilities — version-controlled, tested, CI/CD-deployed detections
• Design and operate SOAR-driven automation that orchestrates identity, secrets management, the productivity/collaboration suite, security tooling, and custom GenAI/LLM models (managed/self-hosted inference)
• Deploy and continuously refine enterprise security controls to counter emerging threats and meet compliance baselines (CPCSC, NIST SP 800-171 / ITSP.
  10.171)
• Ensure every security platform and control satisfies Canadian data-residency requirements
• Own third‑party/vendor security due diligence and ensure vendors meet our trust and sovereignty requirements

• 5+ years in security engineering, infrastructure security, or a closely related discipline
• Deep, hands‑on identity & access management experience: building and operating a modern IdP, SSO/SCIM, phishing-resistant MFA, and device trust
• Strong infrastructure-as-code skills (Terraform) applied to security tooling
• Endpoint security expertise: EDR operations and MDM baseline design across macOS (Windows/Linux a plus)
• SIEM / log-pipeline engineering and detection-as-code (version control, testing, CI/CD)
• Security automation / SOAR experience and comfort integrating APIs across a diverse stack; proficient scripting (Python or similar)
• Working knowledge of security control frameworks (NIST SP 800-171, CMMC/CPCSC, ITSP.
  10.171) and a track record of turning controls into engineering work
• Experience assessing third-party / vendor security and reasoning about data residency and sovereignty in a Canadian context

• Experience in defence, government, critical infrastructure, or other regulated / high-assurance environments
• Eligibility to obtain a Canadian security clearance (Reliability or Secret) — a strong asset as the role grows
• Experience securing GenAI/LLM systems and building AI-driven security automation
• Exposure to OT, embedded, robotics, or autonomous-systems security
• Relevant certifications (OSCP, GIAC, etc.) — valued, not required

• Shape Canada’s future by building real defence capability for the CAF and our allies.
• Make decisions that ship in a high-trust environment with short feedback loops and rapid iteration.
• Move fast, field faster, and work directly with the operator — our systems are in the field with the CAF now.
• Have an impact from day one with equity, responsibility, and direct access to leadership.

• Competitive base salary and company equity
• Comprehensive health benefits
• Additional equity granted based on impact