We are
At Synechron, we believe in the power of digital to transform businesses for the better. Our global consulting firm combines creativity and innovative technology to deliver industry-leading digital solutions. Synechron's progressive technologies and optimization strategies span end-to-end Artificial Intelligence, Consulting, Digital, Cloud & DevOps, Data, and Software Engineering, servicing an array of noteworthy financial services and technology firms.
Through research and development initiatives in our FinLabs we develop solutions for modernization, from Artificial Intelligence and Blockchain to Data Science models, Digital Underwriting, mobile-first applications and more. Over the last 20+ years, our company has been honored with multiple employer awards, recognizing our commitment to our talented teams. With top clients to boast about, Synechron has a global workforce of 14,500+, and has 58 offices in 21 countries within key global markets.

Our challenge
We are seeking an experienced Security Engineering & Remediation professional with over 15 years in the field to lead a cybersecurity engineering team responsible for identifying, prioritizing, and mitigating cybersecurity risks and vulnerabilities. Your leadership will be instrumental in transforming and maintaining our cybersecurity framework, positioning Capital Markets as a leader in cybersecurity resilience across the organization.

Additional Information*
The base salary for this position will vary based on geography and other factors. In accordance with law, the base salary for this role if filled within Toronto, ON is CAD $140k - CAD $160k/year & benefits (see below).

The Role
Responsibilities:
As "Director, Security Engineering & Remediation", you will establish and lead a dedicated engineering team focused on hands-on remediation of vulnerabilities primarily within application code, container platforms, cryptography, and security hardening. You will design and implement robust processes, technical solutions, and automation specifically targeting vulnerabilities identified through container scans, application security testing (SAST, DAST, IAST, SCA), cryptographic assessments, and insider threat risk monitoring.
Leveraging your deep software development expertise, architectural knowledge, and familiarity with OWASP Top 10, SANS 25, and threat modeling, you will enhance software security, container resilience, and proactively identify and mitigate insider threats through behavioural analytics and continuous log monitoring.
Build and lead a specialized security engineering team dedicated to direct vulnerability remediation primarily within application code, container environments (Docker, Kubernetes), cryptography, infrastructure-as-code (IaC), and system hardening.
Implement and manage technical security solutions and automation focused on container security scanning results, software vulnerability remediation, and insider threat detection.
Collaborate closely with development teams to directly address vulnerabilities identified by security testing tools (SAST, DAST, IAST, SCA).
Design, implement, and manage an insider threat risk monitoring program, including user behaviour analytics, anomalous activity detection, and continuous oversight of critical application logs to detect and investigate suspicious activities.
Conduct hands-on remediation of application vulnerabilities aligned with OWASP Top 10, SANS 25, and enforce secure coding best practices.
Drive integration of security remediation and insider threat detection capabilities into CI/CD pipelines, enhancing DevSecOps effectiveness.
Communicate technical remediation progress, insider threat detection initiatives, issues, and achievements clearly to senior stakeholders and management.

Requirements:
10+ years of experience in software development and cybersecurity engineering roles, with significant hands-on expertise in application vulnerability remediation, container security, secure coding practices, and insider threat detection.
Proficient technical experience with scripting languages (e.g. Python, PowerShell, etc.) and familiarity with multiple programming languages (e.g. Java, C#, C++, SQL, etc.) for software development and vulnerability remediation.
Extensive hands-on experience with application security testing tools (SAST, DAST, IAST, SCA) and direct remediation activities.
Technical expertise with container security (Docker, Kubernetes), infrastructure-as-code (IaC) security (e.g. Terraform), vulnerability remediation, insider threat detection, and security automation tools.
Strong architectural knowledge, comprehensive understanding of secure software development lifecycle (SSDLC) practices, and familiarity with OWASP Top 10, SANS 25, and threat modelling methodologies.

Preferred, but not required:
Relevant security certifications (CSSLP, GWAPT, OSCP, CISSP, or equivalent).
Experience in financial services or highly regulated industries.
Hands-on experience with container security scanning tools such as Aqua and remediation of identified issues.
Strong understanding of cryptographic best practices and system hardening techniques.
Demonstrated ability to lead technically focused teams within complex, multi-stakeholder environments.

We offer:
A multinational organization with 58 offices in 21 countries and the possibility to work abroad.
15 days (3 weeks) of paid annual leave plus an additional 10 days of personal leave (floating days and sick days).
A comprehensive insurance plan including medical, dental, vision, life insurance, and long-term disability.
Flexible hybrid policy.
RRSP with employer's contribution up to 4%.
A higher education certification policy.
On-demand Udemy for Business for all Synechron employees with free access to more than 5000 curated courses.
Coaching opportunities with experienced colleagues from our Financial Innovation Labs (FinLabs) and Centers of Excellence (CoE) groups.
Cutting edge projects at the world's leading tier-one banks, financial institutions and insurance firms.
A truly diverse, fun-loving and global work culture.

SYNECHRON'S DIVERSITY & INCLUSION STATEMENT
Diversity & Inclusion are fundamental to our culture, and Synechron is proud to be an equal opportunity workplace and is an affirmative action employer. Our Diversity, Equity, and Inclusion (DEI) initiative 'Same Difference' is committed to fostering an inclusive culture -- promoting equality, diversity and an environment that is respectful to all.
We strongly believe that a diverse workforce helps build stronger, successful businesses as a global company. We encourage applicants from across diverse backgrounds, race, ethnicities, religion, age, marital status, gender, sexual orientations, or disabilities to apply. We empower our global workforce by offering flexible workplace arrangements, mentoring, internal mobility, learning and development programs, and more.
All employment decisions at Synechron are based on business needs, job requirements and individual qualifications, without regard to the applicant's gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law.