Senior Security Engineer Location: Ottawa, ON or Toronto ON| Hybrid
Department: R&D- Cybersecurity
Reports To: Saurav Jha, Information Security & Technology Lead
Type: Permanent | Full-Time
The RoleWe're looking for a
seasoned Security Engineer who brings deep, hands-on expertise across the security spectrum. Your primary focus will be Application Security and Vulnerability Management owning and maturing these disciplines as Solink continues to scale.
But this isn't a narrow role.You'll also be a key contributor to incident response, endpoint detection and response (EDR), and day-to-day security operations, stepping in wherever your expertise is needed most. You'll work closely with corporate and product/engineering teams, building the kind of collaborative relationships that make security a shared responsibility. Whether you're embedding guardrails into CI/CD pipelines, helping triage a critical vulnerability, making recommendations on shift-left developer practices, or advising an IT partner on endpoint hardening you bring calm and confident judgment and the technical depth to back it up.
This role reports to the Manager of Security and Compliance, under the Director of Cybersecurity. It's a high-autonomy position for someone who thrives on building, mentoring, and driving systemic improvement.
What You'll DoApplication Security & Vulnerability Management- Triage and coordinate remediation of vulnerabilities across SAST, SCA, DAST, CSPM, external reconnaissance, security advisories, and bug reports
- Own the SAST, DAST, and SCA technical stack end-to-end including configuration, execution, triage, and reporting across Solink's technology stack
- Lead Solink's shift-left security program by embedding security guardrails, automated checks, and developer tooling into IDEs and CI/CD pipelines to identify issues early and drive adoption across teams
- Leverage AI-powered security tools and modern techniques for vulnerability discovery and triage, combining them with practical experience and traditional security tooling.
- Develop scalable practices, automation workflows, and documentation that raise the security bar across the organization
- Participate in architecture reviews and threat modeling exercises, providing security and compliance guidance across product-engineering and corporate systems.
- Conduct source code and whitebox security assessments, providing actionable recommendations to improve security posture
Security Operations & Compliance- Support incident response activities, including investigation, containment, recovery, and post-incident reviews.
- Contribute to threat hunting and red team exercises across AWS, Kubernetes, and other cloud environments.
- Support compliance initiatives, evidence collection, audit readiness and the ongoing automation of compliance processes.
- Help teams adopt AI tools securely by contributing to AI threat modeling, implementing appropriate controls, and addressing emerging AI-related risks.
- Partner with IT Services and corporate stakeholders on endpoint security, EDR, and broader security operations initiatives.
- Execute penetration tests for web, mobile, and API applications.
What You BringMust-Have:- 8+ years of experience in security engineering, application security, cloud security, or related disciplines, with hands-on experience securing production environments.
- Deep expertise in application security and vulnerability management, including SAST, DAST, SCA, penetration testing, and secure code review.
- Experience integrating security tooling into CI/CD pipelines and DevSecOps workflows.
- Proficiency in at least one scripting language (Python, Go, or equivalent), with experience building and automating security tooling.
- Hands-on cloud security experience in AWS or GCP.
- Experience with SIEM platforms, detection engineering, incident investigation, and security operations.
- Strong understanding of IAM, including SSO, MFA, RBAC, PAM, and identity threat detection.
- Knowledge of OWASP Top 10, secure development practices, software supply chain security, and SBOMs.
- Comfortable leveraging AI-powered tools and adapting to emerging security technologies.
- Strong communication, ownership, and problem-solving skills, with the ability to influence technical and non-technical stakeholders.
- Familiarity with security and compliance frameworks such as SOC 2, ISO 27001, NIST CSF, and MITRE ATT&CK/ATLAS.
- Bachelor's degree in Information Security, Computer Science, Engineering, or equivalent practical experience.
Nice-to-Have:- Security certifications such as CISSP, CCSP, GSEC, GCIH, or AWS/GCP Security Specialty.
- Experience with Kubernetes, container security, and cloud security posture management.
- Experience securing AI-enabled systems, AI governance, or AI-specific security risks and frameworks.
- Familiarity with LLM-based security tools, autonomous vulnerability discovery, or bug bounty programs.
- Experience supporting compliance automation, GRC initiatives, customer trust programs, or security assurance efforts.
- Success working on small, high-impact security teams with broad ownership across multiple domains.
Security Requirements- Candidates must undergo a criminal records check upon hire;
- Be a Canadian Citizen (dual citizens included), or eligible to work in Canada;
- Be willing to comply with Solink's own security policies and standards.
Our ValuesWe do things the Solink way:
- Act with URGENCY - Our customers move fast, so we do too.
- Deliver with QUALITY - We sweat the details and hold a high bar.
- Win with TEAM - No egos. Just outcomes, built together.
- Lead with TRUST - We earn it through clarity, consistency, and care.
These aren't just words-they shape how we hire, lead, and grow.
What to Expect from the Hiring ProcessWe respect your time and value transparency. Here's a general idea of what to expect:
- Intro call with our Talent Team
- Interview with the Hiring Manager
- Technical Panel Interview
- Final CTO Interview
- Reference Checks
- Offer & onboarding
Please note: this is subject to change at any point in the recruitment process based on the needs of the business.How to ApplySubmit your resume and a short cover letter via our [Careers Page]. Let us know what excites you about this role, and how you'd help move Solink forward.
NOTICE: Solink uses artificial intelligence (AI) to screen, assess, and/or select candidates for this position. 
