<p>We are seeking an experienced Information Security Engineer, who is interested in being a technical mentor to a small team. This role is also critical in ensuring the security and integrity of systems, networks, and data. You will be responsible for implementing and maintaining security policies, monitoring threats, and promoting best practices across this organization.</p><p><br></p><p><strong>Key Responsibilities</strong></p><p><br></p><ul><li>Develop, implement, and maintain security policies, standards, and controls.</li><li>Monitor, detect, and respond to security threats, vulnerabilities, and incidents.</li><li>Conduct risk assessments and periodic security audits.</li><li>Manage and optimize security tools such as SIEM, IDS/IPS, and DLP solutions.</li><li>Investigate security breaches and provide remediation strategies.</li><li>Ensure compliance with regulatory frameworks (e.g., PCI, PII, CASL).</li><li>Stay current with emerging threats and industry standards.</li></ul><p><br></p>
<p>This is a hybrid opportunity (2–3 days per week onsite) based in Downtown Toronto.</p><p>Are you ready to help shape and grow an innovative Offensive Security team?</p><p>We are seeking an experienced cybersecurity professional who specializes in offensive security, application testing, and threat management within modern technology stacks—including low code/no code platforms and AI/ML pipelines.</p><p>In this strategic role, you will lead efforts to identify vulnerabilities, simulate adversarial threats, and enhance the organization's security posture across its cloud, application, and AI/ML environments. Candidates with proven success building offensive security teams, driving penetration testing and incident response programs, and securing AI/ML workflows are encouraged to apply.</p><p>Key Responsibilities:</p><ul><li>Lead and execute penetration tests on low code/no code platforms, uncovering misconfigurations and privilege escalation issues.</li><li>Conduct targeted assessments of AI/ML pipelines, models, and data flows to identify security gaps.</li><li>Evaluate CI/CD integrations and MLOps environments with a focus on risk mitigation.</li><li>Analyze web and mobile applications for vulnerabilities, including insecure APIs and injection threats.</li><li>Perform threat modeling and code analysis to support vulnerability remediation.</li><li>Monitor and respond to security incidents using SIEM technologies such as Splunk and Azure Sentinel.</li><li>Develop use cases that anticipate emerging threats, especially those related to AI/ML attack vectors.</li><li>Utilize industry-standard tools—Burp Suite, OWASP ZAP, Checkmarx, Veracode, Snyk—for comprehensive vulnerability assessments.</li><li>Conduct offensive API testing and simulate real-world adversarial scenarios.</li></ul><p><br></p>
