Security Engineer

To strengthen our Software Engineering team, we are looking for a

                                                                                                               SECURITY ENGINEER 
 

ROLE

We are seeking a Software Security Engineer experienced with compliance audits and frameworks such as SOC 2 Type II, FedRAMP and ISO.  This role is responsible for leading security and compliance initiatives with internal and external teams and stakeholders, will drive certifications processes and ensure all policies, processes and procedures are met and documentation is maintained.  The ideal candidate will have a deep understanding of information security principles, infrastructure management and secure software development practices and tools.

PROFILE 

•    Collaborate with cross-functional teams to integrate state of the art security controls at every step from design, development, quality assurance to maintenance of systems
•    Discover, assess and report vulnerabilities and escalate issues if needed
•    Review, identify weaknesses and propose improvements in architectures and systems designs
•    Develop and promote best security practices, design and architecture patterns to engineering teams
•    Analyze findings from different tools, pen tests and support DevSecOps pipelines development
•    Develop and maintain tools/scripts to help teams to achieve secure coding practices
•    Collaborate with Product Owners and business stakeholders to prioritize and assess security related tasks
•    Monitor latest industry security developments, analyze impact, and work with teams to mitigate risks
•    Manage the SOC 2 Type II audit process for infrastructure systems, collaborating with both internal teams and external auditors.
•    Maintain expert knowledge of our systems infrastructure, ensuring it meets SOC 2 Type II compliance requirements and other regulatory standards.
•    Develop, implement, and maintain procedures and policies to ensure system compliance with SOC 2 Type II and other applicable regulations.
•    Communicate effectively with stakeholders, auditors, and team members regarding compliance matters and audit processes.
•    Manage remediation efforts to address any identified system vulnerabilities or issues.
•    Provide training and guidance on compliance matters to other team members.
•    Conduct regular security assessments of applications, identifying vulnerabilities and taking appropriate mitigation measures.
•    Participate in incident response and cyber security investigations.
•    Proven experience with SOC 2 Type II audits in a system-focused role.
•    In-depth knowledge of IT systems infrastructure, including both on-premises and cloud-based systems, and related security principles.
•    Understanding of regulatory requirements, risk management methodologies, and security frameworks.
•    Excellent problem-solving, communication, and project management skills.
•    Active security industry certifications such as OSCP as a strong advantage.  
•    2+ years of experience in cybersecurity, software development or IT Operations
•    Experience in SAST and DAST 
•    Experience with Pentest is a plus
•    Experience in software programming, preferably Java or .NET
•    Experience in Infrastructure as code tooling, preferably Terraform and Ansible 
•    Basic knowledge of relational databases, e.g., Oracle, SQL Server and PostgreSQL
•    Strong interpersonal, communication and teaching skills
•    Strong analytical skills
•    Passion for excellence and willing to become a key team player
•    Ability to multi-task, self-direct, manage deadlines and team-oriented
•    Fluent in English, French is an asset 
•    Bachelor's degree in Information Technology, Computer Science, or a related field.
•    Relevant professional certifications (CISSP, CISM, CISA, etc.) are strongly preferred.

 
JOIN US: 

Our success comes from our highly skilled and talented employees
Respectful entrepreneurship and a long-term vision are key for success 
Our people contribute to a more secure world 
Diversity at all levels of an organization is a strength

SICPA Securink Corporation is committed to making its electronic and information technologies accessible to individuals with disabilities by meeting or exceeding the requirements of Section 508 of the Rehabilitation Act (29 U.S.C. 794d), as amended in 1998. If you are a qualified individual with a disability or are a disabled veteran, and are unable or limited in your ability to use or access our Careers site as a result of your disability, you have the right to receive assistance in completing the application process. To request an accommodation, please click here.

SICPA Securink Corporation is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.  For more information on or to view our EEO policy, please contact Human Resources.

EEO     

EEO Supplement