×
Register Here to Apply for Jobs or Post Jobs. X

Infrastructure Security Engineer

Job in Toronto, Ontario, C6A, Canada
Listing for: Segment (Twilio)
Full Time position
Listed on 2026-07-14
Job specializations:
  • IT/Tech
    Cloud Computing: Infrastructure & Operations, Cybersecurity, Systems Engineer, AWS
Salary/Wage Range or Industry Benchmark: 110000 - 190000 CAD Yearly CAD 110000.00 190000.00 YEAR
Job Description & How to Apply Below

About The Role

Our Security Engineering team builds intelligent systems that protect Opendoor and our customers while enabling unprecedented engineering velocity. We apply software engineering and AI to solve security problems across product, infrastructure, and operations by building guardrails where they matter, not gates where they don't.

What You’ll Do
  • Own the security architecture of our production cloud environment – AWS at the core, spanning multiple accounts, Kubernetes clusters, Terraform‑managed infrastructure, and the identity plane that ties everything together.
  • Evaluate, build out and operate our cloud security visibility and protection platform ensuring it’s deeply integrated into engineering workflows to drive the automated remediation of infrastructure risks.
  • Define and drive our zero trust access strategy, integrating device trust and identity‑aware proxies to provide seamless, secure access to Opendoor infrastructure.
  • Harden our Kubernetes environment including RBAC, admission policies, workload identity, runtime protection, image signing, and base‑image strategy on top of our Bottlerocket and Karpenter foundation.
  • Build new agentic detection and response workflows using AWS native primitives that close the loop from alert to investigation to remediation.
  • Drive a shift‑left cloud security strategy within our pipelines using Terraform/Terrakube, Git Hub Actions, Elastic Container Registry so that misconfigurations get caught at commit time.
  • Partner with the Infrastructure team on cloud‑native security decisions: VPC architecture, ingress, secrets management (Vault), service identity, and how Okta extends into AWS, Azure, and GCP.
  • Run our cloud detection engineering:
    Guard Duty, Security Hub, Cloud Trail, VPC flow logs – tuned for signal, integrated with Datadog and our incident response playbooks.
  • Set the bar for what "secure by default" looks like for AI‑maximalist engineering – vibe‑coded apps, MCP servers, and agent‑driven workflows that touch production cloud infrastructure.
  • Mentor engineers across Opendoor on cloud security patterns, and turn the patterns you see into automated guardrails.
Tech Stack
  • Cloud Platforms: AWS (primary), Azure, GCP
  • Containers and Orchestration: EKS, Bottlerocket, Karpenter, Helm, ArgoCD
  • Identity and Access:
    Okta, Duo, AWS Identity Center, Okta for Kubernetes, Platform SSO (macOS), Hashi Corp Vault
  • Cloud Security Tooling:
    Lambda, Guard Duty, Security Hub, Cloud Trail, Elastic Container Registry, VPC Flow Logs, Kinesis, Git Hub Advanced Security, cloud security posture and workload protection platform
  • Detection and Observability:
    Datadog, Cribl, S3
  • Languages:

    Go, Python, Type Script, Ruby, Terraform (HCL), Terrakube (self‑hosted)
  • AI Tooling:
    Claude Code, Claude Cowork, OpenAI, Codex, Bedrock, RunlayerMCP, custom agent frameworks
What You’ll Need
  • Deep conviction that AI and automation should eliminate manual work and increase the team's impact, and a track record to prove it. You’ve built agentic systems that replaced reactive security work, not just configured off‑the‑shelf tools.
  • Comfort operating with high autonomy in ambiguous environments. You’ve defined what "good" looks like in a domain where no playbook existed, you’re energized by that, not unsettled by it.
  • Business enablement security mindset. You measure success by business impact and informed risk taking, not by tickets opened or compliance checklists completed.
  • 5+ years of cloud or infrastructure security experience, with deep AWS expertise – you can read a Cloud Trail event, write a service control policy, and explain why a particular identity trust policy is dangerous, all in the same conversation.
  • Strong skills in at least one of Go, Python, or Type Script, with the ability to read and write Terraform and shell scripts. You are a builder.
  • Hands‑on Kubernetes security experience – RBAC, network policies, admission control, workload identity, image and supply‑chain security.
  • Experience deploying and operating cloud posture and workload protection tooling (Wiz, Prisma, Orca, Datadog, Crowd Strike Falcon Cloud , Lacework, or equivalent) with a strong opinion on what good looks like.
  • Identity first security…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary