Senior Security Engineer – DevSecOps, Vulnerability Management, Cryptography

E-Solutions
Toronto, CA; US
Hybrid

Job Description

Senior Security Engineer – DevSecOps, Vulnerability Management, Cryptography

Role: Senior Security Engineer – DevSecOps, Vulnerability Management, Cryptography

Location Toronto, Canada ON - M5S 1K9 (Hybrid)

Role Summary

We are seeking a

Senior Security Engineer

to support enterprise security initiatives with a focus on

vulnerability management

,

cryptography

,

secrets and certificate management

, and

DevSecOps enablement

. The resource will work closely with application, cloud, and platform teams to embed security controls across the SDLC and production environments.

This role is suitable for candidates with strong

hands‑on delivery experience

in

large enterprise or regulated environments

.

Key Responsibilities

Vulnerability Management

  • Operate and support

enterprise vulnerability scanning

across applications, infrastructure, cloud, and containers.

  • Analyze and triage vulnerability findings; work with engineering teams to drive timely remediation.
  • Track vulnerabilities through remediation and closure.
  • Support security assessments and penetration testing engagements.

Cryptography & Encryption

  • Implement and support

encryption standards

for data at rest and in transit.

  • Manage cryptographic controls, key usage, and lifecycle practices.
  • Ensure cryptographic implementations align with organizational security standards.

Secrets & Certificate Management

  • Implement and manage

secrets management

for applications, services, and CI/CD pipelines.

  • Manage

certificate lifecycle

including issuance, renewal, rotation, and expiration.

  • Eliminate hardcoded secrets and improve secure configuration practices.

DevSecOps

  • Integrate security controls into

CI/CD pipelines

(DevSecOps).

  • Support implementation of security tooling such as:
  • SAST / DAST
  • Dependency and container scanning
  • Infrastructure‑as‑Code (IaC) scanning
  • Partner with development teams to embed security early in the SDLC.

Mandatory Skill Set

  • 5–8 years

of hands‑on experience in

Security Engineering

.

  • Strong experience with

vulnerability scanning and vulnerability management

.

  • Solid understanding of

cryptography

, encryption, and key management concepts.

  • Hands‑on experience with

certificate management

.

  • Proven experience implementing

DevSecOps

practices in CI/CD pipelines.

  • Strong understanding of application and cloud security fundamentals.

Preferred / Nice‑to‑Have Skills

  • Cloud platform experience: Azure, AWS, or GCP.
  • Experience with containers, Kubernetes, and IaC.
  • Scripting experience (Python, PowerShell, Bash).
  • Experience in

banking, financial services, or other regulated industries

.

  • Relevant security certifications (nice to have):
  • CISSP, CCSP, CSSLP
  • Cloud security or DevSecOps certifications

Skills & Requirements

Technical Skills

Vulnerability scanning and vulnerability managementCryptographyEncryption standardsSecrets managementCertificate lifecycleDevsecopsSastDastDependency and container scanningIac scanningCisspCcspCsslpCloud security or devsecops certificationsEnterprise security initiativesVulnerability managementCryptographySecrets and certificate managementDevsecops enablement

Employment Type

FULL TIME

Level

senior

Posted

4/16/2026

Apply Now

You will be redirected to E-Solutions's application portal.