Fast Facts

Top Hat is seeking a Senior Security Engineer to oversee R&D operations security and production applications, emphasizing a collaborative, DevOps approach to security initiatives. This role can be performed fully remote or hybrid out of Toronto, Canada.

Responsibilities: Design, implement and maintain security systems; conduct security assessments; manage security projects; respond to incidents; mentor junior engineers; and apply threat modeling techniques.

Skills: 5+ years of experience in information security; proficiency in scripting languages like Python and Bash; experience with AWS, Terraform, security tools (SIEM, IDS/IPS); strong problem-solving and communication skills; and familiarity with security frameworks.

Qualifications: Bachelor's degree in Computer Science or related field, industry certifications (CISSP, CISM), and experience with AWS services and security compliance standards preferred.

Location: Canada

Compensation: Not provided by employer. Typical compensation ranges for this position are between CAD $100,000 - CAD $140,000.

We’re looking for a Senior Security Engineer to manage the security of our R&D operations and production application. You’ll plan and execute security initiatives directly and in collaboration with other teams. You’ll take ownership of our security practices and the vision going forward, with the support of our exec team down through Engineering leadership.

We take a DevOps approach to delivery and production ownership. This applies to our security strategy as well: Working alongside the Staff Engineer, Information Security, you’ll manage security projects as well as lead the way the rest of the department manages security for their respective application domains.

This role can be hybrid out of our Toronto office, or fully remote, anywhere in Canada.

You will:

• Design, implement, and maintain security systems and solutions with AWS and GitHub
• Conduct security assessments, evaluate penetration test results, and validate incoming bug bounty submissions from our Vulnerability Disclosure Program
• Understand and recommend security policies and procedures as needed
• Respond to security incidents and provide post-incident analysis
• Stay up-to-date with the latest security trends and threats
• Mentor junior security engineers
• Understand and apply Threat Modelling

You are:

• 5+ years of experience in information security.
• 3+ Experience with scripting languages (e.g., Python, Bash)
• 3+ Experience with AWS
• 3+ Experience with Terraform
• Experience with security tools such as SIEM, IDS/IPS, and vulnerability scanners
• Excellent problem-solving and communication skills
• Familiarity with GitHub Advanced Security
• Strong knowledge of network security, application security, and cloud security
• Strong knowledge of Linux and networking
• Previous experience working in IT operations on-prem and/or cloud infrastructure
• Experience with security frameworks and compliance standards, including NIST SP 800-53, ISO 27001, and SOC 2

Nice to have:

• Bachelor's degree in Computer Science, Information Security, or a related field
• Industry certifications (e.g., CISSP, CISM, OSCP, AWS Certified Security).
• Previous experience with AWS services
• SecurityHub, GuardDuty, Trusted Advisor
• Control Tower, Organizations, Config
• Lambda
• Athena

Why team members love working at Top Hat:

• A noble mission that creates meaningful, fulfilling work
• A team that cares deeply for customers and for each other
• Flexible, remote first work environment
• Professional learning and development for all role levels
• An awesome and welcoming Toronto HQ
• Competitive health benefits that start on day one
• A management team focused on performance, growth, engagement and connection
• Our winning strategy and market potential
• Innovative PTO policy with lots of time and space for self-care
• Passionate customers that believe in us—and what we do
• A chance to work with new tech like generative AI—and see the customer impact