Senior Security Engineer

Location : Ottawa, CanadaThales people architect identity management and data protection solutions at the heart of digital security. Business and governments rely on us to bring trust to the billons of digital interactions they have with people. Our technologies and services help banks exchange funds, people cross borders, energy become smarter and much more. More than 30,000 organizations already rely on us to verify the identities of people and things, grant access to digital services, analyze vast quantities of information and encrypt data to make the connected world more secure.

This is a hybrid position Senior Security Engineer / Security Architect located in Ottawa, ON with 3 days in the office.

Position Summary

Thales Cloud Protection and Licensing (CPL) is securing the world’s cryptographic infrastructure – the keys, the algorithms, and the business logic. We are safeguarding some of the biggest names in technology and are securing over 80% of the world's banking transactions. Our Security Engineers are part of a global team supporting product development as subject matter experts in topics such as threat modeling, security architecture, secure coding, cryptography, and vulnerability assessment. We assist in all elements of product security; help teams make risk-based decisions; and educate and elevate the security maturity of the teams in a manner that will scale.

Key Areas of Responsibility

• Function as a technical security architecture and security engineering resource in support of products and initiatives in CPL Data Protection & Identity and Access Management product lines.
• Work closely with security champions and product teams to enable and support risk-based decision-making that pragmatically balances security, performance, and compliance to ensure that products are not just secure, but usable for real world use cases.
• Educate the engineering organization to improve their security maturity, awareness, and judgement during all phases of product development.
• Contribute to the development of a high quality product security program to help address CPL’s top product security priorities, including research, selection, and implementation of tooling and process improvements.
• Act as a mentor to Security Champions and Security Engineering Team members.
• Research and provide analysis on security trends, products, and the evolving threat landscape.
• Explore security topics that interest you and develop your skills in those areas.

Basic Qualifications

• Bachelor’s degree (Masters preference) in information security, information technology, computer science, computer engineering or another equivalent field of study; or equivalent work experience.
• 6+ years of experience in solving challenging security problems using knowledge and / or skills in multiple security domains, including threat modeling / risk assessment, applied cryptography, code review, and tool development / usage / deployment
• Experience building tools / products in at least one high-level programming language, and how to read (and break) code in languages such as C / C++, Java, or Go.
• Ability to collaborate successfully in a team environment, be sensitive to needs of the teams, and effectively develop relationships across disciplines.
• Demonstrated verbal and written communications skills.

Experience in one or more of the following domains :

Security of IoT devices, embedded systems, or HSMs

Understanding or experience with hardware security and attack techniques such as physical tampering, counterfeiting, side-channel attacks, or glitching

Developing, deploying, and / or automating security tools to identify security flaws in products.

Experience with security testing, CICD Pipelines, and automation

Experience with software development, modern programming and frameworks, and agile development practices

Experience with web application security technologies, frameworks, protocols, API Security, mitigation techniques, and potential pitfalls.

Experience with cloud deployments, GCP or other cloud platforms, cloudtechnologies such as Kubernetes, and relevant security concepts.

Physical Demands

• Prolonged periods of working on a computer.

Special Position Requirements

• Core business hours Monday-Friday, with occasional availability for meetings with non-US time zones, including Europe, India and Asia-Pacific.
• Physical Environment : Ottawa Office / Smart Working
• Ability to travel occasionally (up to 10%) for team meetings or conferences.

What We Offer

Thales provides an extensive benefits program for all full-time employees working 24 or more hours per week and their eligible dependents, including the following :

Company paid Extended Health, Dental, HSA, Life, AD&D, Short-term Disability, Cancer Care Program, travel insurance, Employee Assistance Plan and Well-Being program.

Retirement Savings Plans (RRSP, DCPP, TFSA) with a company contribution and a match to a DCPP, with no vesting period.

Company paid holidays, vacation days, and paid sick leave.

Voluntary Life, AD&D, Critical Illness, Long-Term Disability.

Employee Discounts on home, auto, and gym membership.

Why Join Us?

Say HI and learn more about working at Thalesclick here.

LI-WM1

LI-hybrid

Thales is an equal opportunity employer which values diversity and inclusivity in the workplace. Thales is committed to providing accommodations in all parts of the interview process. Applicants selected for an interview who require accommodation are asked to advise accordingly upon the invitation for an interview. We will work with you to meet your needs. All accommodation information provided will be treated as confidential and used only for the purpose of providing an accessible candidate experience.