Policy Engineer, CNAPP Product

Requisition ID: #

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

The Team:

TheEnterprise Security Servicesteam is a dynamic group of cloud security professionals driving innovation and resilience across the organization’s cloud environments. Embedded within theCloud & Platform Engineering (CAP) Program, the team plays a pivotal role in theCloud Native Application Protection Platform (CNAPP)strategy, with a strong focus onCloud Workload Protection Platform (CWPP) and Kubernetes Security Posture Management (KSPM).

We work at the intersection ofsecurity, engineering, and compliance, collaborating closely with platform teams, architects, and risk stakeholders to define and enforce scalable, policy-driven controls. Our mission is to empower secure cloud adoption through automation, transparency, and continuous improvement—ensuring that security is not a blocker, but a built-in enabler of innovation.

The Role:

As aPolicy Engineerwithin theEnterprise Security Servicesteam, you will play a strategic and hands-on role in shaping the security posture of our cloud environments. This position is central to the success of ourCloud Workload Protection Platform (CWPP) and Kubernetes Security Posture Management (KSPM)initiatives, supporting the broaderCloud Native Application Protection Platform (CNAPP)roadmap.

You will be responsible for translating complex regulatory, architectural, and risk requirements into actionable, scalable cloud security policies. Working closely with platform engineering, cloud architects, and Policy-as-Code teams, you will ensure that security controls are seamlessly integrated into CI/CD pipelines and cloud-native workflows.

This role demands a strong technical foundation inGCP or Azure, hands-on experience with tools likeWiz, SCCE, and Terraform, and a deep understanding ofpolicy-as-codeprinciples. You’ll also collaborate with compliance and audit teams to ensure traceability and alignment with industry standards, while continuously optimizing policy effectiveness through data-driven insights.

If you're passionate about cloud security, policy automation, and enabling secure innovation at scale, this role offers a unique opportunity to make a meaningful impact.

Is this role right for you? In this role, you will:

-Design and implement cloud security policiesthat align with regulatory standards, technical design documents, and enterprise risk frameworks.
-Collaborate with cross-functional teamsincluding platform engineering, cloud architecture, and Policy-as-Code teams to ensure seamless policy integration and enforcement.
-Translate control objectives into actionable policiesusing tools like Open Policy Agent, Terraform, and CSPM platforms such as Wiz and SCCE.
-Support policy lifecycle management—from intake and triage to validation and deployment—ensuring alignment with the CNAPP product roadmap.
-Work closely with compliance and audit teamsto ensure traceability of policies to frameworks like CIS benchmarks and provide documentation for regulatory reviews.
-Monitor and report on policy effectiveness, exceptions, and violations to drive continuous improvement and risk reduction.
-Champion automation and scalabilityby embedding security controls into CI/CD and IaC pipelines, enabling secure development without friction.


Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:

-3–5 years of hands-on experiencein cloud security, platform engineering, or policy implementation—preferably inAzure or GCPenvironments.
-Proficiency withCloud Security toolssuch asWiz, SCCE, Defender, Prisma, or Datadog.
-Experience withPolicy-as-Code frameworkslikeOpen Policy Agent (OPA)andTerraform validations.
-A strong understanding ofregulatory frameworks(e.g., CIS benchmarks, NIST, ISO) and how they translate into technical controls.
-A collaborative mindset with the ability to work acrossengineering, architecture, compliance, and risk teams.
-Excellentcommunication skills, with the ability to explain complex security concepts to both technical and non-technical audiences.
-A passion forautomation, scalability, and continuous improvementin cloud security operations.
-A bachelor's degree or equivalent experience in a related field.


What's in it for you?

-Diversity, Equity, Inclusion & Allyship-We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and are embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employee to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.
-Accessibility and Workplace Accommodations- We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.
-Upskillingthrough online courses, cross-functional development opportunities, and tuition assistance.
-Competitive Rewards program including bonus, flexible vacation, personal, sick days and benefits will start on day one.
-Community Engagement - no matter where you choose to work from; we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, Humans of Digital and much more!


Location(s): Canada : Ontario : Toronto
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.