Senior IT Security Engineer

• Location: Vancouver, British Columbia
• Type: Contract
• Job #14268

MatchBox Consulting is currently seeking an Senior IT Security  Engineer for a 6-month contract role with our Vancouver/Victoria based client. Work may be done remotely within BC but preference will be given to local candidates who can work at either the Victoria or Vancouver office for 3-4 working days per week.. Expected working hours will be 7 hours a day from 8:30AM to 4:30PM, PDT, five (5) days per week.

Senior IT Security Engineer
Department Overview
The Technology team serves as a strategic partner to business units across the organization. The team enables critical business processes and operational activities through the delivery of secure, scalable, and innovative technology solutions. Responsibilities include developing digital capabilities, modernizing services and products, supporting collaboration and productivity platforms, and maintaining the infrastructure, systems, business applications, and advanced technologies that support front-, middle-, and back-office operations.
Position Summary
Reporting to the Manager, DevSecOps, the Senior IT Security Engineer is responsible for security processes, technologies, and initiatives of medium to high complexity. This role plays a key part in defining security requirements and designing, implementing, and maintaining security solutions across enterprise environments.
The successful candidate will collaborate with cross-functional teams in an Agile and hybrid work environment to support the delivery of secure, high-quality technology solutions. This position requires strong technical expertise in application security, cloud security, secure software development practices, and vulnerability management.
Qualifications

• Bachelor's degree in Information Technology, Engineering, Computer Science, or a related discipline.
• Minimum of 8–10 years of progressively senior experience in technical roles focused on information security, security engineering, and related projects.
• Strong expertise in secure software engineering principles and practices.
• Experience securing cloud environments, particularly Microsoft Azure.
• Excellent customer service, communication, listening, and problem-solving skills.
• Demonstrated ability to design and implement programs that measure, improve, and sustain security posture across complex enterprise environments.
• Ability to communicate complex security concepts and develop security requirements and user stories for both technical and non-technical stakeholders.
• Experience working within Agile methodologies (Scrum) and DevSecOps practices is considered an asset.

Technical Skills Requirements
Required
Strong hands-on experience with:

• Selection, implementation, and operationalization of application security testing tools, including SAST, DAST, IAST, and SCA within enterprise CI/CD pipelines.
• Secure API design and security controls, including OAuth 2.0, OpenID Connect, and API gateway security.
• Secure coding practices, threat modeling, and ethical hacking techniques.
• AI/ML application security, including prompt injection prevention, model security, and emerging AI-related threats.
• Vulnerability assessment, remediation, and reporting processes.

Preferred Additional Skills

• Proficiency in one or more programming languages such as Python, JavaScript/TypeScript, Java, C#, or Go.
• Authentication, authorization, and encryption technologies.
• Identity and privileged access management for on-premises, cloud, and hybrid environments.
• Application security and encryption solutions.
• Web application proxy technologies, including SSL/TLS decryption.
• Penetration testing and vulnerability assessment methodologies.
• Platform and infrastructure security.
• Industry certifications such as GWAPT, GWEB, CSSLP, CEH, OSWE, or equivalent experience.

Key Responsibilities
Application Security

• Lead the evaluation, selection, implementation, and optimization of SAST, DAST, IAST, and SCA tools, including integration into CI/CD pipelines.
• Develop remediation guidance, standards, procedures, and runbooks for security findings.
• Partner with DevSecOps and development teams to establish and maintain secure coding standards, security guidelines, and training materials.
• Conduct application security assessments, architecture reviews, and threat modeling exercises for new and existing solutions.
• Serve as a security subject matter expert within Agile development teams and promote a security-first culture.
• Produce technical documentation, security designs, and reports supporting security initiatives.
• Assess, triage, and prioritize application security vulnerabilities and work closely with development teams to facilitate remediation.
• Develop and maintain automated security testing capabilities to support continuous assurance and monitoring.
• Conduct security risk reviews of software, SaaS solutions, third-party technologies, and internally developed code.
• Monitor emerging threats, vulnerabilities, and attack techniques related to application security, AI/ML technologies, and cloud environments, recommending mitigation strategies where appropriate.
• Define technical security requirements and provide guidance throughout solution design and implementation phases.
• Collaborate with application, operations, infrastructure, and product teams to ensure secure-by-design solutions.
• Mentor and support team members in application security practices, tools, and methodologies.
• Identify security risks, issues, and barriers proactively, and recommend practical solutions.
• Tune and validate security testing tools to ensure accurate, actionable, and meaningful results.
• Support security monitoring activities and participate in incident response as a subject matter expert.
• Perform other related duties as required.

Core Competencies

• Security-first mindset
• Developer enablement and advocacy
• Continuous learning and adaptability
• Cross-functional collaboration
• Analytical problem-solving and troubleshooting
• Technical documentation and knowledge sharing
• Mentoring, coaching, and knowledge transfer

For more current job opportunities, Follow MatchBox at linkedin.com/company/matchbox-recruitment/

_________________________

About MatchBox

Headquartered in downtown Vancouver and serving clients nationally, MatchBox is one of the leading recruitment and solutions firms that specializes in the fields of IT & Technology, Engineering & Technical, Real Estate & Construction, and Accounting & Finance. We offer unrivaled expertise with our team's extensive experience in the recruitment and professional services industry. We are dedicated to building great connections and creating strong opportunities within the workforce and the labor market.

Equal Opportunities

MatchBox is committed to providing equal opportunities for all applicants. We welcome and encourage applications from people of all backgrounds, including members of minority groups such as racialized individuals, people with disabilities, LGBTQ+ individuals, and Indigenous peoples. It is a priority for us that all candidates are treated fairly and without discrimination. Our recruitment teams receive ongoing training on using objective criteria for evaluating candidates and other related topics to create an inclusive and welcoming environment for all.

Work Permits

Please note that we require all interested candidates to obtain the necessary work permits from the Government of Canada prior to submitting an application. This position is open exclusively to individuals residing in Canada and legally authorized to work in Canada. Applications not meeting these criteria will not be considered.

Further Consideration

We receive a high volume of applications and are only able to contact candidates who are selected for further consideration.

Find out more at www.matchboxhr.com