Cloud Security Engineer

Cloud Security Engineer

Location: Toronto, ON

Hybrid: 3 days in office

Salary: $100,000.00 + per annum

Years of experience: 5+ years related experience in Cloud Security Engineering roles

• Design, deploy, and refine Zero Trust security architectures for Azure and Microsoft 365 environments.
• Implement and manage identities and access using Microsoft Entra (MFA, SSO, PIM, etc.).
• Implement and manage Microsoft Intune for device management, including endpoint security, compliance policies, and secure device management.
• Implement and manage Microsoft Co-Pilot to enhance AI and automation capabilities for operational and integration work.
• Deploy, configure, and maintain Azure Security services (Azure Security Center, Azure Policy, Key Vault, Privileged Identity Management, Conditional Access, MFA, etc.).
• Manage and optimize Defender for Cloud (CSPM).
• Develop, test and support security baselines, RBAC policies and compliance policies through security posture assessments across Azure workloads and endpoints aligned with compliance frameworks (CIS, NIST, ISO, etc.).
• Support threat modeling, risk assessments, and incident response activities to reduce risk exposure.
• Support audit, governance, and compliance reporting using Microsoft security and compliance solutions.
• Familiarity with WAFs and firewalls.
• Provide technical guidance, security automation, and mentoring to colleagues.
• Hands-on experience with the following technologies and tools.
• Microsoft Intune (endpoint / device security, compliance, app protection).
• Co-Pilot for automation.
• Defender suite (Cloud, Endpoint, Identity).
• Azure AD, Conditional Access, MFA, RBAC, Key Vault.
• Strong background in Azure Policy, Blueprints and security baselines.
• Support VPNs, firewalls, WAFs within the Azure environment.
• Support Sentinel SIEM / SOAR (analytics, rules, automated playbooks).
• PIM (Privileged Identity Management).
• Experience in vulnerability management, systems hardening, orchestration/automation (PowerShell, Azure CLI, Terraform, Python).
• Support incident response in M365 and Azure framework.
• Good knowledge of compliance frameworks (CIS, NIST, ISO27001, GDPR, etc.).
• Excellent problem solving, written and communication skills.
• Bonus: Familiarity with Qualys, LanSweeper, Global Secure Access, Purview.

• Certifications:
• AZ-500: Microsoft Azure Security Technologies
• SC-200: Microsoft Security Operations Analyst
• SC-100: Microsoft Cybersecurity Architect (Preferred)
• Microsoft Certified: Endpoint Administrator / Intune Specialist
• Experience with cloud-native security across multi-cloud (Azure, AWS, GCP).
• Familiarity with Zero Trust Architecture and modern endpoint management.

Other similar job titles: Azure Engineer, Cloud Security Operations Engineer, Cloud Security Consultant.

TPH operates 65 production centres across Canada to serve our customers where and when they need it. Locally produced, in the exact quantity that our customers require, and delivered when and where they need it. TPH has been named North America's most forest-friendly printer and one of Canada's Greenest Employers.

TPH is committed to a diverse and inclusive workplace where everyone is respected and valued for their contributions and has opportunity to grow and develop. TPH will provide accommodation throughout the recruitment process upon request. If you require accommodation, please notify us and we will work with you to meet your needs.