Permanent FTE
Hybrid 4x per week in Toronto
Salary: $130,000-$136,000
Required Skills \& Experience
Strong Knowledge of
Azure
with some exposure to GCP and AWS
4+ years in
Cloud Security, DevSecOps, or Cloud Engineering roles.
Previous banking experience
Cloud infrastructure as a code
- experience with Terraform, Helm, ARM, JSON, YAML
Compliance as Code (CaC)
- Hands on experience with
HashiCorp Sentinel, Azure policy, Wiz policy, GCP Org policy and Open Policy Agent, Kubernetes
CI/CD Pipelines
- Experience with GitHub actions, Jenkins
Scripting and Automation- Proficiency in
Python, Bash, Go, PowerShell, terraform and automate testing framework.
Cloud Security \& Compliance – Understanding of
CIS benchmarks, NIST standards and security frameworks.
Nice to Have Skills \& Experience
Specifications; Azure fundamentals certification Azure security engineer associate, GCP fundamentals certification
Experience with multi cloud security testing GCP, Azure and AWS
Experience with Container security and Kubernetes policy enforcement
Job Description
Insight Global is looking for a Cloud Security Engineer for one of the leading banks in Toronto. We are looking for a detailed-oriented Cloud Security Engineer to join our team. This individual will focus on automating and validating compliance as code (CaC) policies across multi cloud environments including GCP, Azure and AWS. This role involves creating and implementing automated test cases to ensure these policies function as intended.The engineer will integrate these tests into GitHub based CI CD pipelines using GitHub workflows and GitHub actions and leverage Terraform, Python, PowerShell.
Mainly responsibilities include the below:
Design, develop, implement and maintain automated test frameworks for the behavior of existing compliance as a code policy across cloud environments (GCP/AWS/Azure) in alignment with banking regulations.
Develop comprehensive positive negative and edge exception test cases to validate policy enforcement logic.
Build automated test pipelines integrated with CI CD workflows to ensure continuous validation of CAC changes
Collaborate with CaC policy developers and security architects and Cloud Service Owners to understand intended behavior and failure conditions
Implement mock cloud environments/services/IAM for to simulate realistic scenarios for policy testing
Maintain a test suite library and ensure traceability between compliance requirements validation cases and artifacts
Continuous testing \& CI/CD integration
Integrate compliance validation tests into CI CD pipelines GitHub actions GitHub workflows and terraform to enforce continuous compliance checks before deployment.
Automate security scanning and validation of terraform deployments with PowerShell, and Python
Validate the enforcement of banking cloud security policies by embedding automated compliance checks into DevSecOps workflows and actions
-
Cloud Security and Regulatory Compliance enforcement
Work closely with Banking security, DevSecOps teams, and Cloud Compliance governance teams to define and enforce cloud security controls in accordance with regulatory mandates.
Validate cloud resource configurations against financial industry standards, (NIST, ISO 27001, SOC 2)
Reporting \& Audit Readiness
Implement/test logging and monitoring solutions to detect compliance violations in real time.
Automate/validate the generation of compliance reports and dashboards using tools like SonarQube, Wiz.IO, Splunk
Ensure that all Standards \& STIG requirements for IAAS, PaaS, SaaS CaC development, and testing activities are traceable and auditable for internal risk assessments and external regulatory audits.