Information Security Engineer

ROLE

Dentons Canada LLP is currently recruiting for an Information Security Engineer who will be responsible for ensuring the security, integrity, and availability of Dentons Canada information assets. The candidate will contribute to the management and continuous improvement of multiple security programs. The position entails the development, implementation, and maintenance of security controls, through people, processes, and technology, across the organization.

KEY RESPONSIBILITIES & ACCOUNTABILITIES

General

• Implement, maintain, and improve the security posture of the Microsoft 365.
• Maintain operational oversight of our security systems and administer secure configurations for both on-premise and cloud environments.
• Proactively manage system settings to counter evolving threats and safeguard enterprise systems and accounts.
• Actively monitor and assess new and emerging security threats. Recommend tactical and strategic initiatives that mitigate risks and keep our security posture ahead of the curve.
• Prepare and deliver periodic reports that highlight the current security posture of our Information Security Program.
• Ensure that all systems and processes comply with industry-recognized frameworks such as ISO 27001, NIST, CIS, and internal policies.
• Collaborate with IT Infrastructure, Operations, and other stakeholders to design and maintain secure, resilient enterprise-grade processes.
• Ensure that security requirements are integrated into IT services, balancing operational needs with risk management.
• Support regional internal and external audits related to IT security and compliance.
• Work with business services to ensure that security measures are effectively represented in client RFP responses and align with global standards.
• Contribute to the development, evaluation, and implementation of policies, standards, and procedures that meet both business and security requirements.
• Continuously refine technical processes to address the latest threats and compliance mandates.

Security Engineering

• Conduct technical architecture assessments to identify and mitigate risks.
• Translate business requirements into robust technical security controls.
• Develop, implement and maintain cloud security architectures, ensuring operational compliance (Azure expertise is a must).
• Leverage advanced Azure security features to architect and secure cloud deployments, ensuring compliance with best practices and regulatory standards.
• Author technical policies and develop SOPs to support secure architectural practices, with a focus on Azure and hybrid environments.
• Oversee patch deployment and secure configuration baselines for on-premise and cloud environments (Virtual Machines and Operating Systems).
• Ensure timely updates while minimizing downtime and risk.
• Perform regular audits (e.g., CIS, asset management, firewall rule review) to ensure compliance with internal policies and industry best practices.
• Conduct regular reviews and annual audits of firewall rules to ensure compliance with security policies, identify potential risks, and maintain optimal network protection.
• Provide recommendations to address audit findings and improve security controls.
• Develop and maintain secure configuration baselines for servers, endpoints, and network devices.
• Continuously monitor and remediate configuration drift.
• Manage and enhance privilege access controls, focusing on SecretServer or similar PAM solutions.
• Enforce least-privilege principles and monitor privileged accounts.
• Coordinate internal and external penetration testing efforts.
• Analyze results, prioritize remediation activities, and track corrective actions to closure.

Vulnerability Management Program

• Analyze threat and vulnerability feeds data for applicability to the environment and perform compensating controls analysis and validate efficacy of existing controls and provide recommendations.
• Perform security research, analysis, assessments and support with penetration testing and remediation actions.
• Conduct vulnerability assessments to evaluate attack vectors, identify vulnerabilities, and develop remediation plans.
• Work with IT stakeholders to guide and assist them during the remediation process.
• Monitor external security ratings and coordinate improvement efforts.
• Identify and address high-risk areas to strengthen overall security posture.
• Lead monthly vulnerability management meetings, assessments, and remediation coordination.
• Develop metrics and dashboards to track progress and highlight key risk areas.

Security Operations and Incident Management Program

• Assist the SOC team with daily operation of Information Security technologies.
• Assist with creating detailed runbooks and playbooks for incident response that integrate engineered solutions with operational procedures, ensuring quick and consistent responses to security events.
• Offer expert insights during and after incidents to identify root causes, recommend immediate fixes, and suggest long-term security improvements to prevent recurrence.
• Work closely with the security operations team to ensure that engineered systems meet operational needs, participate in incident drills, and provide training on new tools or technologies that enhance incident response capabilities.
• Handle spam/phishing requests, Mimecast URL exceptions, and data loss alerts.
• Act as an active participant within Incident Tabletop exercises.

SKILLS & COMPETENCIES

• Strong written and oral communication skills.
• Strong stakeholder management skills and experience.
• Strong organizational skills with impeccable attention to detail.
• Strong situational analysis and decision-making skills, with experience balancing technical trade-offs.
• Demonstrates how to Act as One by being a team player across the Firm.
• Strong problem solving and analytical skills; can clearly explain and present problems and issues to others and contribute to their resolution.
• Ability to work under pressure and think clearly in challenging situations in a logical manner.
• Ability to be flexible in approach and be comfortable with a fluid organizational structure that requires both teamwork and self-sufficiency as necessary, with the ability to work under minimal supervision.
• Demonstrate initiative and the ability to be proactive, anticipating needs.
• Flexibility to accommodate working in multiple time zones.

EDUCATION, EXPERIENCE & CERTIFICATIONS

• Post-secondary education with a specialization in Information Technology and / or minimum of 6+ years of Information Technology experience in designing, developing, and maintaining IT cybersecurity solutions.
• 6+ years of experience in an Information Security related role with at least 3 years of experience in cloud technologies, vulnerability and penetration testing.
• Advanced knowledge of Azure security features, architecture, and best practices for securing cloud deployments.
• Expertise in deploying patches and maintaining secure configuration baselines across on-premise and cloud environments.
• Proficient in coordinating and executing both internal and external vulnerability assessments and penetration tests.
• Experience in designing secure systems, conducting technical assessments, and translating business requirements into robust security controls.
• Knowledge in developing secure cloud security architectures.
• Competence in auditing systems against defined standards (e.g., CIS, NIST, ISO 27001) and preparing compliance reports.
• Familiarity with ITSM processes for ticket handling and incident response, including developing runbooks and incident playbooks.
• At least one relevant certification such as CISSP, CISM, or from GIAC/ISACA is required.