Senior Security Engineer

We’re looking for a Senior Security Engineer to manage the security of our R&D operations and production application. You’ll plan and execute security initiatives directly and in collaboration with other teams. You’ll take ownership of our security practices and the vision going forward, with the support of our exec team down through Engineering leadership.

We take a DevOps approach to delivery and production ownership. This applies to our security strategy as well: Working alongside the Director, Information Security, you’ll manage security projects as well as lead the way the rest of the department manages security for their respective application domains.

This role can be hybrid out of our Toronto office, or fully remote, anywhere in Canada.

You will:

• Evolve and expand our existing security activities – threat modeling, risk mitigation, observability, incident response. Manage and execute security projects based on internal and external inputs such as our bug bounty program, pentesting, or other gap analysis.

• Implement security improvements as an individual contributor as well as in collaboration with our teams. Set the standard for how new code being shipped meets our security needs.

• Advocate for security. Build a culture of security ownership rooted in shared values

• Managing security roadmaps from a corporate-wide perspective to meet the needs of various stakeholders including enterprise sales enablement.

• Work in a predominantly AWS cloud environment with some Google Cloud Platform services. Our services are built on Django and get continuously deployed.

You are:

You’re familiar with modern security practices and technologiesYou understand security in a cloud provider context (we use primarily AWS with some GCP services as well) and can help move us toward a Zero Trust architectureFamiliar with managing infrastructure as code with automation tools such as TerraformAble to achieve results as an individual contributor as well as through aligning and guiding others5+ years of experience in application security or related fields, with a strong ability to collaborate with application development teams.Proficient in threat modelling, architecture design review processes, and familiar with common attack vectors and exploitation techniques.Strong communication skills, capable of articulating security concerns and solutions to both technical and non-technical stakeholders.Knowledge of development security best practices for mobile and web applications.Bachelor’s degree in Computer Science, Engineering, or a related discipline, or an equivalent combination of education and experience.

Why team members love working at Top Hat:

• A noble mission that creates meaningful, fulfilling work

• A team that cares deeply for customers and for each other

• Flexible, remote first work environment

• Professional learning and development for all role levels

• An awesome and welcoming Toronto HQ

• Competitive health benefits that start on day one

• A management team focused on performance, growth, engagement and connection

• Our winning strategy and market potential

• Innovative PTO policy with lots of time and space for self-care

• Passionate customers that believe in us—and what we do

• A chance to work with new tech like generative AI—and see the customer impact