Senior Security Engineer responsible for driving security posture at CoinPoker's crypto-poker platform. Collaborating with teams to identify and rectify security threats.
Responsibilities
Own and drive the end-to-end security posture of all web, API, and infrastructure surfaces
Identify, assess, and remediate vulnerabilities across frontend (web + Electron), backend services, and cloud infrastructure
Design and enforce security controls at the Cloudflare edge — WAF policies, bot mitigation rules, Turnstile integrations, and rate limiting strategies
Harden AWS environments: API Gateway, EC2, Lambda, S3, RDS, and supporting services in line with least-privilege and zero-trust principles
Lead threat modelling sessions for new product features and flag security gaps before they reach production
Monitor, investigate, and respond to security incidents — from Cloudflare firewall events and WAF alerts to SIEM-detected anomalies
Conduct regular penetration testing and vulnerability assessments; triage and prioritise findings by business impact
Define and enforce HTTP security header policies (CSP, HSTS, X-Frame-Options, Referrer-Policy) across all domains
Build and maintain a DDoS response playbook; lead active mitigation during volumetric and application-layer attacks
Partner with engineering teams to embed secure coding practices and participate in code reviews for security-sensitive changes
Manage the responsible disclosure and bug bounty programme; triage external researcher reports
Produce clear security reports, risk registers, and executive briefings; track remediation SLAs
Stay current on emerging attack vectors, CVEs, and threat landscape changes relevant to online gaming and fintech platforms
Requirements
8+ years of hands-on experience in application, infrastructure, and web security
Deep expertise in OWASP Top 10 vulnerabilities: SQLi, XSS, CSRF, IDOR, RCE, SSRF, and clickjacking
Proven experience with DDoS attack detection, mitigation, and post-incident analysis
Strong command of Cloudflare — WAF rules, Bot Management, Turnstile, Rate Limiting, Transform Rules, and Firewall Events analysis
Hands-on AWS security experience: IAM policies, Security Groups, VPC design, API Gateway throttling, WAFv2, Shield, GuardDuty, and CloudTrail
Deep understanding of API security: authentication flows (OAuth2, JWT, OTP abuse), rate limiting and endpoint hardening
Experience securing frontend applications against XSS, CSP bypass, clickjacking, and third-party script risks
Financial Security Advisor managing your own insurance agency with Co-operators in Quebec. Helping clients assess and implement solutions for financial security needs.
Application Security Lead at Workleap enhancing security in development pipelines. Responsible for the security integration in product development and collaboration across teams.
Application Security Manager at Workleap embedding security in products and development workflows. You will write code, build tooling, and ensure secure software delivery.
Application Security Manager embedding security directly into products, pipelines, and development workflows at ShareGate. Working closely with developers to ensure secure software delivery.
Sr. Cybersecurity Advisor at Optiv designing security solutions tailored to clients’ needs. Driving thought leadership and collaborating with teams to achieve cybersecurity objectives.
Senior Cloud Security Architect (10+ yrs) in Toronto, 3 days on-site. Requires certifications like CISSP, CCSP, CCSK, SABSA, TOGAF, ISO 27001 LA, GICSP, or CRISC.
Information Security Specialist ensuring optimal protection of data and systems at University of Toronto. Implementing security platforms and best practices for data integrity and threat mitigation.
IT Security Specialist managing authentication systems at Exposant 3. Handling security architecture and providing technical support for strong authentication systems.
Senior Security Engineer maintaining and operating Samsara’s security infrastructure. Collaborating with global teams to build security engineering programs utilizing modern principles.