- We succeed together
- We embrace progress
- We care big
- We create space
- Design, implement, manage, and automate robust cybersecurity solutions to safeguard our networks, systems, and applications.
- Conduct thorough security assessments and risk analysis to identify vulnerabilities and recommend appropriate measures for mitigation.
- Collaborate with cross-functional teams to integrate security best practices into the development lifecycle of applications and infrastructure.
- Monitor and respond to security incidents, conduct incident investigations, and implement incident response strategies.
- Stay abreast of emerging threats and vulnerabilities, and proactively implement measures to counteract potential risks.
- Develop and deliver cybersecurity training programs to educate staff on security best practices and promote a security-conscious culture.
- Evaluate and recommend new technologies, tools, and methodologies to enhance our cybersecurity posture.
- Conduct regular security audits and assessments to ensure compliance with industry standards and regulatory requirements.
- Provide expertise and guidance on security-related matters to internal stakeholders and leadership.
- Minimum 5+ years of continuous experience in Cyber Security including Engineering, Operations, and/or Compliance
- Deep technical knowledge of Cyber Security, DevOps, and InfraOps is preferred
- Security Architecture principles (Defense-in-Depth, Least Privilege, Zero Trust, etc.)
- Hybrid Environments (Azure, On-Prem Networks, Containers, Endpoints, etc.)
- Security Program Phases (Risk Assessment, Architecture and Design, Implementation, Operations and Monitoring)
- Strong organization and leadership skills with the ability to facilitate technical sessions and capable of communicating complex technical information to a non-technical audience
- Certification in at least one of the following OSCP, CCSA, CISA, or CISSP
- Knowledge of NIST, CIS Top 18, and other applicable Security Industry Standards and Best Practices
- Scripting and Automation (Python, PowerShell, API)
- Experience with Microsoft Defender, Rapid7, CoalFire, and Trivy are positives
- Flexible PTO
- Certification(s) reimbursement
- Summer Fridays
- No meeting Fridays
- Extended Medical, Dental, Paid Sick Days, Vision, Life Insurance, and Disability Leave Coverage
Security Engineer - Toronto, Canada - CARET
Description
CARET brings the latest in technology and automation to over 10,000 legal and accounting firms, empowering highly skilled professionals to refocus their expertise on what truly matters. CARET harnesses powerful and secure practice management, document automation, and payment processing to take firms, professionals, and their clients further.
Our team-defined values guide how we show up for each other, for our partners, and for our customers:
To join our remote-first, engage from anywhere team, visit
The Senior Security Engineer should have a strong and demonstrated aptitude for Cyber Security with experience in Cloud Security (CloudSec), Vulnerability Management & Response (VMR), and Compliance audits (SOC2, PCI DSS, ISO Your experience should be supported by extensive and diverse experience in leading high-profile technical programs and projects. Your capability to review and advise on Security matters should span into the domain knowledge of Systems Engineering, Network Operations, and Application Development.
Responsibilities:
Equal Employment Opportunity: CARET is an Equal Opportunity, Affirmative Action Employer.
The compensation information below is provided in compliance with job posting disclosure requirements.
Pay range: $135,000 - $180,000. Actual base pay will depend on varying circumstances, including the position, location, individual qualifications, market finances, and other operations business needs.
Depending on the position, compensation may also include commission, bonuses, etc. Potential for bonuses is based on company performance and potential for merit increases is based on performance.
#ProductsTech