<< Back to all jobs
Security Specialist - Senior
| 2025-03-25 10:12:52
Apply Now
Summary:
Join our team as a Security Engineer to enhance product and service security across cloud environments. You'll collaborate with engineering teams to perform threat modeling, conduct security reviews, and develop mitigation strategies. Responsibilities include security testing automation, vulnerability assessments, and ensuring compliance with industry security standards. Expertise in Microsoft Azure, AWS, token-based authentication, and cryptographic algorithms is required. This hybrid role requires on-site work at the hiring manager's discretion. Candidates must have 5+ years of experience in cloud security, threat modeling, and network security. Public sector experience is required. All work must be conducted within Canada.
 
Deliverables

Include, but are not limited to:

  • Assist with designing product and service security controls.
  • Collaborate with engineering teams to perform threat modeling for the proposed architecture.
  • Research security vulnerabilities in current architecture and communicate mitigation strategies to impacted teams.
  • Engage with engineering teams to perform security reviews of the architecture, design, and code throughout the SDLC process.
  • Work with product architects to provide remediation and potential fixes for security issues found from pen tests, static (SAST) and dynamic (DAST) analysis and provide fix recommendations, ensure that findings are addressed.
  • Perform ongoing security posture assessments using commercial or native tools to identify and track remediation of cyber risk in cloud environments.
  • Contributing security-focused feedback to engineers during all phases of the development lifecycle.
  • Report to management and key stakeholders on the product security status.
Additional Terms

Ontario Health assets including laptops and related equipment cannot be removed from the province of Ontario without prior written approval from Ontario Health.

Assignment Type: This position is currently listed as "Hybrid". The resource under this request will be required to work onsite as per Hiring Manager sole discretion. All work must be conducted in Canada unless otherwise agreed to by Ontario Health.

Knowledge Transfer Details

• The Candidate will ensure full knowledge transfer is provided to the Ontario Health team before end of agreement.

• The Candidate must provide documentation as part of Knowledge transfer protocol..

• The Candidate should provide knowledge transfer to new resource at a minimum over a one week transition period.

• Knowledge transfer will occur as information is obtained and consolidated, as well as at key project milestones. Specifically, knowledge transfer will be achieved through:

• Knowledge transfer includes sharing and walk through of the documentation, and regular team meetings to discuss project status, issue, risk and changes

• Also any joint review sessions, analysis workshops, etc. where key deliverables are shared with Ontario Health staff

Supplier Comments

MSP Notes

 Must Haves:

·        5+ years’ experience and strong knowledge with Cloud computing concepts. Microsoft Azure and Amazon AWS PaaS knowledge and experience is highly preferred.

·        5+ years’ experience and knowledge of application security architectures and the purpose of privacy and security controls (e.g. token based authentication and authorization such as OIDC, SAML and OAUTH).

·        5+ years’ experience building and automating security testing.

·        5+ years’ experience and knowledge and understanding of networking, network security and cryptographic algorithms.

·        5+ years’ experience with Threat Modeling.

 

 

Location: Remote - All work must be conducted in Canada unless otherwise agreed to by Ontario Health.

Public Sector Experience: Required

# of submissions/supplier: 1