Senior Security Engineer

Location

Toronto (hybrid)

Employment Type

Full time

Location Type

Hybrid

Department

Engineering

Compensation

• Toronto - HybridCA$153,859 – CA$208,163 • Offers Equity

The salary range provided reflects the compensation that EvenUp reasonably expects to offer for this role. The specific salary within this range will be determined based on various factors, including the candidate's relevant experience, education, skills, location, and alignment with the role's responsibilities.

EvenUp is on a mission to close the justice gap using technology and AI. We empower personal injury lawyers and victims to get the justice they deserve. Our products enable law firms to secure faster settlements, higher payouts, and better outcomes for victims injured through no fault of their own in vehicle collisions, accidents, natural disasters, and more.

We are one of the fastest-growing vertical SaaS companies in history, and we are just getting started. EvenUp is backed by top VCs, including Bessemer Venture Partners, Bain Capital Ventures, SignalFire, and Lightspeed. We are looking to expand our team with talented, driven, and collaborative individuals who seek to have a lasting impact. Learn more at www.evenuplaw.com.

Life as an Engineer at EvenUp 🎥

EvenUp’s security team is growing rapidly to support the company’s mission of ensuring personal injury victims receive fair compensation. With ambitious goals to double the size of our engineering team by the end of 2026, we are looking for a hands-on Senior Security Engineer to lead and scale our security efforts. You’ll work across functions to design and maintain secure infrastructure, evaluating whether to build or buy solutions as we grow. Your work will be critical in safeguarding our AI-native document generation platform, trusted by attorneys with over $1.5B in damages claimed to date.

As a Senior Security Engineer at EvenUp, you will set security strategy, collaborate with cross-functional partners, and drive major initiatives that secure customer data, our products, and our company’s reputation.

What You'll Do

• Risk Management: Identify and address security risks through comprehensive assessments, mitigation strategies, and execution.

• Code and Network Security: Ensure secure coding and implement systems to protect against unauthorized access and data breaches.

• Incident Response: Develop and execute incident response plans, conduct forensic analysis, and take preventive measures.

• Compliance and Ethics: Maintain compliance with regulations and industry standards, promote transparency, and address ethical concerns.

• Continuous Monitoring: Establish real-time monitoring systems, conduct regular assessments, and proactively respond to threats.

• Vendor & Third-Party Security: Evaluate and secure third-party integrations to prevent vulnerabilities.

• Security Training: Educate and raise awareness for security best practices across the engineering team.

• Documentation & Reporting: Maintain up-to-date documentation on protocols, incidents, and improvements; report regularly to stakeholders.

What We Look For

• 5+ years in a security-focused engineering role, with hands-on technical architecture, implementation, and oversight experience.

• Proven security experience at a startup or high-growth company - you've built or scaled a security function before, not just maintained one.

• Expertise in SAST/DAST, application security, and CI/CD pipeline integration.

• Deep knowledge of AI-specific threats (prompt injection, model poisoning, membership inference, adversarial perturbation, output manipulation).

• Experience implementing security principles, operating system and web application security, and familiarity with the OWASP Top 10 and common threat tactics.

• Knowledge of next-generation security technologies (SASE, CASB, RASP).

• Hands-on experience with patch management, software supply chain security, and artifact repositories (e.g., JFrog, Snyk).

• Strong programming or scripting skills in at least one language (e.g., Python, Ruby, Node.js).

• Relevant cybersecurity certification (CISSP, CISM, CISA, CRISC, GIAC, etc.).

• Up-to-date on technology and vulnerability trends; ability to secure cloud computing applications and ecosystems.

• Application/infrastructure-level security design experience, including modern mitigation techniques (e.g., DNS-SEC, cryptographic fundamentals).

• Strong automation skills with Python.

This is a hybrid role, with an expectation of being in our Toronto office three days per week.

#LI-Hybrid

Notice to Candidates:

EvenUp has been made aware of fraudulent job postings and unaffiliated third parties posing as our recruiting team – please know that we have no affiliation or connection to these situations. We only post open roles on our career page (evenuplaw.com/careers) or reputable job boards like our official LinkedIn or Indeed pages, and all official EvenUp recruitment emails will come from the domains @evenupl