BMO U.S. is seeking a Senior Cloud Security Engineer who will design and implement security solutions for systems across AWS, Azure, and AI/ML platforms. The role involves developing secure cloud architectures, advising on cybersecurity risks, and ensuring compliance with security governance practices.
Responsibilities:
- Assess, design, implement, automate, and document security solutions, controls, and processes for Amazon Web Services (AWS) and Microsoft Azure cloud platforms
- Develop and maintain security patterns for cloud platforms and services; assess all cloud patterns to ensure adherence to best security practices and controls
- Design and implement security baseline controls for Cloud Services for integration into the CI/CD process
- Build and deliver policies as code, automating security controls and best practices
- Review and approve code and changes with security implications (e.g., IAM Roles and Policies, Security Groups)
- Be the cloud security subject matter expert for the Cloud Engineering group and its partners in any IaaS, PaaS, and SaaS implementations
- Define and implement a security framework for AI/ML systems, covering the full model lifecycle from data ingestion and training to deployment and monitoring
- Assess and mitigate AI-specific threats including adversarial attacks, model inversion, data poisoning, prompt injection, and model theft
- Evaluate and secure AI/ML platforms and tools (e.g., Amazon SageMaker, Azure Machine Learning, Hugging Face, OpenAI APIs) against organizational risk standards
- Collaborate with data science and AI engineering teams to integrate security controls into MLOps pipelines, ensuring model integrity, access controls, and auditability
- Monitor emerging AI threat landscapes and regulatory developments (e.g., EU AI Act, NIST AI RMF) and translate these into actionable organizational controls
- Implement and manage data security posture management (DSPM) tools to continuously monitor sensitive data exposure across cloud environments
- Establish controls for structured and unstructured data stores, including databases, data lakes, data warehouses (e.g., Snowflake, AWS S3, Azure Data Lake), and file sharing platforms
- Drive the adoption of data-centric security practices within application development and analytics teams
- Provide subject matter expertise on architecture, authentication, and systems security based on a clear understanding of the engineering stack, services, and data flow
- Lead focused and continuous cybersecurity risk assessments of new and existing technologies - including AI/ML systems and data platforms - to identify risks and appropriate controls that balance security and operability
- Provide effective and pragmatic cybersecurity guidance upfront in major technology projects to enable the business to innovate securely
- Assist in the investigation and remediation of security incidents and issues, including those involving AI model compromise or data breaches
- Work closely with Information Security, product, and software development teams to assess cybersecurity risk and recommend solutions in cloud, AI, and data environments
Requirements:
- A university degree in Engineering, Computer Science, Information Technology, or a related field
- 7-10 years of experience developing and implementing security architectures and/or engineering, with demonstrated breadth across cloud, data, and/or AI security domains
- Security certifications such as CISSP, CCSP, CCSK, or any Cloud Security Specialty certification (e.g., AWS Certified Security Specialty, Microsoft Certified: Azure Security Engineer Associate)
- Demonstrated knowledge of cloud architecture, cloud operations, cloud-based identity and access management, security automation, and orchestration
- Extensive experience with cloud-native security solutions and tools (e.g., AWS Security Hub, AWS GuardDuty, Microsoft Defender for Cloud, Azure Sentinel)
- Knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 27001, ISO 27017, and NIST CSF
- Working knowledge of AI/ML development frameworks and platforms (e.g., TensorFlow, PyTorch, SageMaker, Azure ML) and associated security risks
- Familiarity with the OWASP Top 10 for LLMs, MITRE ATLAS, and NIST AI Risk Management Framework (AI RMF)
- Understanding of MLOps pipeline security, including securing model registries, feature stores, training environments, and inference endpoints
- Knowledge of Generative AI security risks, including prompt injection, jailbreaking, data leakage via LLMs, and supply chain risks in AI model dependencies
- Experience implementing data loss prevention (DLP), data classification, and data access governance solutions in enterprise environments
- Knowledge of DSPM tools and practices
- Understanding of data encryption at rest and in transit, tokenization, and key management for large-scale data environments
- Familiarity with data privacy regulations (e.g., PIPEDA, GDPR, CCPA) and their technical implementation requirements
- Experience securing cloud-based data platforms such as Snowflake, Databricks, AWS Redshift, Azure Synapse, or equivalent
- Firm grasp of networking protocols and operations; comfortable with packet analysis tools such as Wireshark, Burp Suite, Nmap, Nessus, and Metasploit
- Knowledge of theoretical and applied cryptography, key management, and cryptographic algorithms (RSA, AES, TLS, PKI, etc.)
- Knowledge of Identity and Access Management (IAM) concepts including SSO, SAML, federated identity, RBAC, and OAuth/OIDC
- Strong scripting and programming skills with experience in Python, PowerShell, Bash, Node.js, and API/webhook development
- Experience with Infrastructure as Code (IaC) security scanning tools (e.g., Checkov, tfsec, Prisma Cloud)
- Demonstrable internal and external relationship-building skills with the ability to clearly articulate complex security concepts across a diverse corporate culture
- Ability to lead in-depth workshops across a broad range of topics including cloud compliance, AI risk, and data governance
- Strong ability to influence decision-making at senior leadership levels
- Strong interpersonal, communication, and leadership skills
- A critical thinker with strong research, analytical, and problem-solving skills
- Self-motivated with a positive attitude and an ability to work independently and within a team
- Ability to communicate complex technical concepts to a broad range of internal and external stakeholders, including business, legal, compliance, and technology leaders
- Strong time management skills with the ability to manage multiple workstreams and mentor less experienced team members
- Emerging/preferred: Certifications or demonstrated knowledge in AI security (e.g., CDAI, CompTIA AI+, or equivalent vendor-specific AI security training) or data security (e.g., CDPSE, CIPP)