Cloud Security Engineer

Cloud Security Engineer (AWS)

Location: Toronto, ON (Hybrid)

Type: Full-Time

Comp: 150-170k base + bonus + RRSP + full benefits

A leading financial services platform is hiring a Cloud Security Engineer to secure and scale its AWS cloud environment across infrastructure, applications, and customer-facing systems.

This is a highly technical, hands-on role focused on building and enforcing cloud security best practices across a modern AWS stack. You’ll partner closely with DevOps and engineering teams to embed security into workflows, strengthen compliance posture, and protect systems operating at real scale.

What You’ll Do

• Design and implement secure AWS architectures aligned with industry standards
• Own cloud security across IAM, access controls, and account structure (Organizations, Control Tower)
• Deploy and manage AWS-native security tools (GuardDuty, Security Hub, Macie, WAF, Shield)
• Implement encryption and key management solutions (KMS, Secrets Manager, CloudHSM)
• Integrate logging and monitoring (CloudTrail, CloudWatch, Config) into SIEM platforms
• Secure cloud networking across VPCs, Security Groups, ACLs, and PrivateLink
• Partner with DevOps to embed security into CI/CD pipelines
• Automate security controls using Terraform, CloudFormation, and scripting
• Secure containerized and serverless environments (EKS, ECS, Fargate, Lambda)
• Conduct vulnerability assessments, penetration testing, and remediation
• Drive compliance across frameworks (CIS, NIST, ISO 27001, SOC2, PCI-DSS, HIPAA)
• Lead incident response planning, disaster recovery, and security best practices adoption

What We’re Looking For

• 10+ years of experience in IT/security, with 4+ years focused on AWS cloud security
• Deep hands-on experience securing AWS services (IAM, VPC, EC2, S3, RDS, Lambda, etc.)
• Strong knowledge of AWS security tooling (GuardDuty, Security Hub, Macie, Inspector)
• Experience with encryption and key management (KMS, ACM, CloudHSM)
• Background in Infrastructure-as-Code and automation (Terraform, CloudFormation, scripting)
• Experience securing containers and serverless workloads
• Familiarity with Zero Trust, identity federation, and RBAC models
• Experience with vulnerability management, SIEM/SOAR, and incident response
• Exposure to multi-cloud (Azure, GCP) is a plus
• AWS Security Specialty, CISSP, or similar certifications preferred

Why Apply?

• High-impact role securing critical cloud infrastructure at scale
• Strong ownership across AWS security architecture and strategy
• Work closely with DevOps and engineering on modern cloud systems
• Exposure to regulated environments and enterprise-grade security practices
• Competitive compensation, bonus, and comprehensive benefits package