Doane Grant Thornton LLP

Cloud Security Engineer

On site

Toronto, Canada

Full Time

28-09-2025


Skills

Communication, Incident Response, Risk Management, Cloud Security, GitHub, GitLab, CI/CD, DevOps, Monitoring, Jenkins, Azure DevOps, Research, Training, Architecture, Risk Assessment, Organization, Azure, Software Development, Project Management, Cloud Platforms, SDLC, Analytics, CI/CD Pipelines, GitLab CI, Infrastructure as Code, GitHub Actions, Microsoft Azure

Job Specifications

Who We Are

You know those big cities that still feel like small towns? Where everyone's friendly and helps each other out? That's like Doane Grant Thornton. Except here we're all professionals and there isn't a mayor or a general store. What we're trying to say is that we're a large and growing professional services firm that still feels like a community. We employ over 3000 people across Canada, and we truly care about our colleagues, our clients and the communities where we work and live. That's what's most important to us. We're building a thriving organization that's purpose driven and still want to remember what your favourite milkshake flavour is.

As a Cloud Security Engineer your responsibilities will include:

Serve as an Information Security Advisor to various lines of business by providing subject matter expertise related to new services, products, and projects

Act as a skilled and proactive engineer, advising on the integration of DevSecOps security practices into our DevOps workflows.

Play a bridging role between information security and development/operations, ensuring that security is embedded throughout the software development lifecycle (SDLC).

You will work closely with engineering, infrastructure, and security teams to automate security controls, monitor systems, and respond to threats in real-time. The role involves the following:

Assist information security team lead with interpreting requirements documents, architecture diagrams, solution designs, and other written and verbal information to determine if a project, application, infrastructure, or external supplier presents a security risk to Doane Grant Thornton.
Secure CI/CD Pipelines: Design and help implement security controls in CI/CD workflows using tools like GitHub Actions, Jenkins, GitLab CI, etc.
Infrastructure as Code (IaC): Secure IaC templates and enforce policy-as-code using tools like Open Policy Agent (OPA) or HashiCorp Sentinel in an Azure DevOps environment.
Assess applications, infrastructure, business units, business processes, and external suppliers for information security risks, identifying potential threats and exposures
Conduct security reviews of planned initiatives across the organization and produce high-quality Threat Risk Assessment reports that clearly articulate risks
Demonstrate and apply strong project management, documentation, and communication skills
Serve as the subject matter expert on several production security technologies, staying abreast of emerging security support technologies and industry trends
Cloud Security: Implement and monitor cloud security best practices across Azure environments.
Vulnerability Management: Integrate automated scanning tools (e.g., Snyk, Veracode) into build pipelines and manage remediation workflows.
Security Automation: Develop scripts and tools to automate security tasks and incident response.
Security Awareness: Advocate for secure coding practices and provide guidance to development teams.
Provide recommendations to development and operational teams to address security weaknesses and identify potential new security solutions
Coordinate with Learning & Development on staff security training program
Conduct email phishing simulation testing and report analytics
Work with Team Lead on quarterly privileged access reviews and remediation workplans
Coordinate the annual IT Audit exercise with internal and external auditors
Respond to client security questionnaires
Assist with other cybersecurity-related tasks

Additionally, you will:

Assist in security and architecture reviews, understand engineering stacks, services, and data flows
Assist in designing, implementing, automating, and documenting security solutions and processes for Microsoft Azure, SaaS applications, and other cloud platforms
Deploy security solutions in cloud environments, including Microsoft Azure and M365
Assist and train team members in the use of cloud security tools and resolution of security issues
Research and maintain an extensive knowledge base of current cloud technology advancements, trends, and directions, identifying potential threats and exposures
Assist in investigating and remediating security incidents and issues
Create and support KPIs and KRIs that measure risk reduction and progress over time in the cloud
Help governance, compliance, and risk management teams ensure the system consistently meets cybersecurity requirements
Act as a mentor across teams to enable a best-of-breed approach to cloud security and cloud management
Protect systems from data breaches at all times
Monitor, operate, and improve system uptime, performance, high availability, and disaster recovery readiness
Collaborate with other operational and development teams during triage and resolution of operational issues
Deploy, monitor and fine-tune SIEM solutions, threat hunting, security event analysis, and forensic investigations
Manage and monitor security Web Broker cloud access solutions
Monitoring & Logging: Collaborate with

About the Company

In Canada. For Canada. Doane Grant Thornton LLP is a leading Canadian accounting and advisory firm dedicated to helping our clients, colleagues, and communities thrive. We help dynamic private and public organizations unlock their business potential by providing meaningful, strategic advice across a broad range of services, including assurance, advisory, and tax. For 85 years, we've worked alongside the businesses that have shaped our country and economy--from small businesses to industry leaders. With nearly 3,000 colleague...