Senior Product Security Engineer overseeing product security for a growing SaaS company. Challenging role leading security initiatives and collaborating across development teams to fortify applications and infrastructure.
Responsibilities
Lead secure architecture reviews and threat modeling for new features, major changes, and sensitive workflows/integrations, translating outcomes into concrete mitigations teams can ship.
Build and evolve secure “paved road” components—standards, defaults, and reusable frameworks—so the secure path is the easiest path.
Integrate and tune automated controls in CI/CD to prevent vulnerabilities from reaching production.
Improve developer experience by making security tooling and guardrails easy to use, and serve as a trusted security partner by providing practical guidance so teams can ship secure features faster and reduce repeat issues.
Perform targeted code reviews and assessments on high-risk areas to proactively identify security issues.
Continuously improve the processes for intake, prioritization, resolution, and recurrence prevention of vulnerabilities. Coordinate external penetration tests and vulnerability disclosure submissions.
Partner with DevOps/platform teams to harden infrastructure and embed practical guardrails that reduce risk across cloud environments, IAM, Kubernetes, and deployment pipelines.
Improve dependency and third-party risk management through scalable workflows that reduce exposure and speed response.
Define lightweight, outcome-based metrics to focus effort on the highest-impact risk reductions.
Implement AI-assisted security workflows to improve early detection, reduce noise, and accelerate remediation, with human verification.
Support triage of infrequent security events impacting the product, and drive post-incident learnings into preventative controls.
Requirements
5+ years of experience in product security, application security, security engineering, or equivalent experience as a software engineer or architect with substantial security ownership.
Hands-on software development experience and the ability to read and write production code in one or more languages (e.g., Python, C#, Ruby, JavaScript/TypeScript).
Security certifications (e.g., OSCP, OSWE, cloud security certifications) are helpful but not required—demonstrated impact matters most.
Hiring a Threat Modeler / Security Architect with development background for hybrid full - time role in Canada, focusing on application security, threat modeling, and DevSecOps.
Network and Perimeter Security IT Specialist I at Enbridge overseeing enterprise security architecture and leading large - scale security initiatives. Collaborating across teams to ensure secure solutions and compliance.
Network & Perimeter Security Specialist II - Firewall at Enbridge enhancing security architectures. Providing technical leadership and driving enterprise standards for firewall and network security.
Lead critical cybersecurity transformation programmes at Hewlett Packard Enterprise, ensuring alignment with enterprise priorities and delivering complex initiatives. Collaborate with IT, cybersecurity, and business leaders.
Staff Engineer responsible for designing scalable security solutions and collaborating with engineering at Twilio. Empowering security partnerships across products and platforms while mitigating risks.
Head of Infrastructure & Security responsible for cloud infrastructure on GCP and security programs. Leading SaaS development and technical teams at Rebus and Longbow Advantage.
Information Security Lead responsible for managing security programs at Dentons Canada. Overseeing security architecture, operations, incident response, and data protection initiatives.
Cybersecurity expert overseeing information defense, threat detection, and incident response at Investissement Québec. Leading security operations and leveraging AI for effective asset protection.
Lead cybersecurity initiatives and develop strategy for public broadcaster CBC/Radio - Canada. Shape technology road map, collaborate on enterprise architecture, and ensure policy compliance.