FullscriptRemote
Cloud Security Engineer
Canada
Full Time
1 hour ago
$100,000 - $110,000 CAD
No Sponsorship
Key skills
AWSCloudGraphQLJavaScriptPythonRubyRuby on RailsTerraformTypeScriptGoAIMLLLMRailsGoogle CloudIAMPrismaSaaSCI/CDCommunicationCollaborationCloud Security
About this role
Role Overview
- Design and implement cloud security controls across AWS and Google Cloud, including multi-account architecture, network segmentation, data protection, and secure-by-default infrastructure patterns.
- Build reusable Terraform modules, reference architectures, policy-as-code guardrails, and self-service tooling that make secure implementation easier for engineering teams.
- Operate and tune CSPM/CNAPP tooling to identify misconfigurations, exposures, toxic combinations, and coverage gaps across Fullscript’s cloud environments.
- Drive remediation of cloud vulnerabilities and misconfigurations, balancing risk, engineering effort, customer impact, and business priorities.
- Strengthen IAM, secrets management, key rotation, cloud credentials, machine identities, and just-in-time access patterns across cloud and SaaS environments.
- Embed security into CI/CD pipelines through IaC scanning, container image scanning, SBOM generation, artifact protection, and software supply chain controls.
- Partner with the SOC and engineering teams on cloud-native detections, logging, runbooks, incident response, post-incident learning, and secure AI/ML workload patterns.
Requirements
- 4+ years of security engineering experience, including 2+ years focused on cloud security in AWS and/or Google Cloud.
- Strong understanding of cloud-native attack paths, IAM risks, network controls, data protection, key management, secrets management, and workload identity.
- Hands-on experience with infrastructure-as-code, ideally Terraform, and a strong understanding of how to secure it at scale.
- Ability to write code in Python, Go, or a similar language to automate detection, remediation, and security workflows.
- Experience integrating security tooling into CI/CD pipelines and developer workflows without creating unnecessary friction.
- Working knowledge of at least one compliance framework such as SOC 2, HIPAA, HITRUST, PCI-DSS, or ISO 27001, with the ability to translate requirements into technical controls.
- Strong communication and collaboration skills, with a bias toward enabling teams, influencing without authority, and helping engineers build securely.
- Bonus if you have
- Experience in healthcare, fintech, or another regulated environment.
- Hands-on experience with CSPM or CNAPP tools such as Wiz, Prisma Cloud, Lacework, or similar platforms.
- Experience securing Ruby on Rails, JavaScript, TypeScript, GraphQL, containerized workloads, or modern cloud-native applications.
- Cloud incident response, forensics, or threat hunting experience.
- Experience securing AI/ML workloads, LLM integrations, data science platforms, autonomous AI systems, or non-human identities.
- Familiarity with AI/ML model supply chain risks, AI-specific SBOMs, or controls for limiting blast radius and privilege escalation.
- Open-source contributions or experience building internal security tooling.
Tech Stack
- AWS
- Cloud
- GraphQL
- JavaScript
- Python
- Ruby
- Ruby on Rails
- Terraform
- TypeScript
- Go
Benefits
- Remote-first flexibility to work where you work best, with Ottawa, Toronto, Calgary, or Vancouver preferred for this role.
- Flexible PTO and competitive pay, because work-life balance matters
- RRSP/401k match and stock options to invest in your future
- Premium benefits package with customizable coverage, paramedical services, and an HSA.
- Fullscript discounts to save on high-quality wellness products
- Continuous learning opportunities to grow your skills and career