Lead Security Engineer – Cyber Platform Engineering

Team: Information Security

Location: Toronto

Commitment: Full Time

Workplace Type: hybrid

Key Responsibilities:

• Own and lead the organization’s web security platform and its protection capabilities.
• Implement and tune web security controls to reduce risk while maintaining performance.
• Maintain platform standards, baselines, governance, and documentation.
• Guide teams on secure onboarding of services (routing, encryption, headers, policies).
• Strengthen protections against common web/API threats and automated abuse.
• Support DDoS readiness through runbooks and exercises.
• Support security requirements for cloud migrations and platform changes.
• Use logging/telemetry tools to investigate issues and support threat analysis.
• Contribute to secure network architecture (segmentation, ingress/egress, connectivity).
• Provide direction on firewall and network protections and rule base reviews.
• Hands-on leadership and mentorship to more junior employees.
• Advance web/API protection and detection maturity and resilience.
• Improve cloud and container security posture through best practice hardening via CSPM.
• Enhance DDoS readiness and operational preparedness.
• Develop reusable, secure engineering patterns for cross team adoption.
 
Team and Collaboration
• Partner with application engineering, cloud platform teams, network/security architecture, and security operations to deliver unified security outcomes. 
• Participate in incident response and drive follow-up improvements.
• Collaborate with domain SMEs across network, endpoint, cloud, and email security to maintain cohesive, enterprise wide protection. 
• Mentor and guide engineers to embrace secure engineering practices. 
• Regularly contribute to security documentation and platform standards, collaborating with team members to maintain accurate, high quality technical artifacts and ensure consistent understanding across teams.

Knowledge/Skill Requirements:

• Proven, hands‑on experience with CDN, WAF, and API protection technologies.
• Strong command of web protection concepts and implementation, including DDoS protection and bot defense.
• Extensive experience in security engineering with strong focus on web and application security within enterprise environments.
• Demonstrated ability to operate as a hands‑on technical lead with end‑to‑end ownership of platform outcomes, prioritization, and cross‑team delivery.
• Strong understanding of network security architecture and common web/cloud attack vectors, with ability to translate threat patterns into practical controls.
• Deep experience with at least one major cloud service provider.
• Working knowledge of container orchestration and container security.
• Solid background in firewall and network security: NGFW, IDS/IPS, etc.
• Experience conducting firewall rule‑base reviews (manual and automated).
• Familiarity with cloud‑delivered network protection models, including secure web gateways and Zero Trust Network Access.
• Experience with email security and threat‑detection tooling, including behavioral analysis and phishing/malware protection.
• Strong understanding of PKI, TLS, certificate lifecycle management, and trust‑model design.
• Excellent communication skills, able to explain complex technical issues clearly to technical and non‑technical audiences.