Senior Security Engineer

Toronto (hybrid)

Full time

Hybrid

Engineering

• CA$181,011 – CA$274,246 • Offers Equity

The salary range provided reflects the compensation that EvenUp reasonably expects to offer for this role. The specific salary within this range will be determined based on various factors, including the candidate's relevant experience, education, skills, location, and alignment with the role's responsibilities.

EvenUp is on a mission to close the justice gap using technology and AI. We empower personal injury lawyers and victims to get the justice they deserve. Our products enable law firms to secure faster settlements, higher payouts, and better outcomes for victims injured through no fault of their own in vehicle collisions, accidents, natural disasters, and more.

We are one of the fastest-growing vertical SaaS companies in history, and we are just getting started. EvenUp is backed by top VCs, including Bessemer Venture Partners, Bain Capital Ventures, SignalFire, and Lightspeed. We are looking to expand our team with talented, driven, and collaborative individuals who seek to have a lasting impact. Learn more at www.evenuplaw.com.

This is a hybrid role, with an expectation of being in our Toronto office three days per week.

EvenUp’s infrastructure team is growing rapidly to support the company’s mission of ensuring personal injury victims receive fair compensation. With ambitious goals to double the size of our engineering team by the end of 2026, we are looking for a hands‑on Senior Security Engineer to lead and scale our security efforts. You’ll work across functions to design and maintain secure infrastructure, evaluating whether to build or buy solutions as we grow. Your work will be critical in safeguarding our AI‑native document generation platform, trusted by attorneys with over $1.5B in damages claimed to date.

As a Senior Security Engineer at EvenUp, you will set security strategy, collaborate with cross‑functional partners, and drive major initiatives that secure customer data, our products, and our company’s reputation.

• Risk Management: Identify and address security risks through comprehensive assessments, mitigation strategies, and execution.

• Code and Network Security: Ensure secure coding and implement systems to protect against unauthorized access and data breaches.

• Incident Response: Develop and execute incident response plans, conduct forensic analysis, and take preventive measures.

• Compliance and Ethics: Maintain compliance with regulations and industry standards, promote transparency, and address ethical concerns.

• Continuous Monitoring: Establish real‑time monitoring systems, conduct regular assessments, and proactively respond to threats.

• Vendor & Third‑Party Security: Evaluate and secure third‑party integrations to prevent vulnerabilities.

• Security Training: Educate and raise awareness for security best practices across the engineering team.

• Documentation & Reporting: Maintain up‑to‑date documentation on protocols, incidents, and improvements; report regularly to stakeholders.

• 5+ years in a security‑focused engineering role, with hands‑on technical architecture, implementation, and oversight experience

• Expertise in SAST/DAST, application security, and CI/CD pipeline integration

• Deep knowledge of AI‑specific threats (prompt injection, model poisoning, membership inference, adversarial perturbation, output manipulation)

• Experience implementing security principles, operating system and web application security, and familiarity with the OWASP Top 10 and common threat tactics

• Knowledge of next‑generation security technologies (SASE, CASB, RASP)

• Hands‑on experience with patch management, software supply chain security, and artifact repositories (e.g., JFrog, Snyk)

• Strong programming or scripting skills in at least one language (e.g., Python, Ruby, Node.js)

• Relevant cybersecurity certification (CISSP, CISM, CISA, CRISC, GIAC, etc.)

• Up‑to‑date on technology and vulnerability trends; ability to secure cloud computing applications and ecosystems

• Application/infrastructure‑level security design experience, including modern mitigation techniques (e.g., DNS‑SEC, cryptographic fundamentals)

• Strong automation skills with Python

• Infrastructure‑as‑code or configuration management language fluency

• Security controls design and implementation experience

• GCP security architecture exposure

• Security compliance implementation (SOC2, HIPAA, CCPA)

• Penetration testing (web and infrastructure)

• Data loss prevention (DLP)

• Experience with Kubernetes

#LI-Hybrid

Notice to Candidates:

EvenUp has been made aware of fraudulent job postings and unaffiliated third parties posing as our recruiting team – please know that we have no affiliation or connection to these situations. We only post open roles on our career page evenuplaw.com/careers or reputable job boards like our official LinkedIn or Indeed pages, and all official EvenUp recruitment emails will come from the domains @evenuplaw.com, @evenup.ai, @ext-evenuplaw.com, no‑reply@ashbyhq.com or no‑reply@canditech.io email addresses.

To ensure fairness and proper consideration, we do not accept resumes or expressions of interest via email or social media messages. If you’re interested in a role, please submit your application directly through our careers page.

If you receive communication from someone you believe is impersonating EvenUp, please report it to us at talent-ops-team@evenuplaw.com. Examples of fraudulent domains include “careers-evenuplaw.com” and “careers-evenuplaws.com”.

Benefits & Perks:

As part of our total rewards package, we offer attractive benefits and perks to our employees, including:

• Choice of medical, dental, and vision insurance plans for you and your family

• Additional insurance coverage options for life, accident, or critical illness

• Flexible paid time off, sick leave, short‑term and long‑term disability

• 10 US observed holidays, and Canadian statutory holidays by province

• A home office stipend

• 401(k) for US‑based employees and RRSP for Canada‑based employees

• Paid parental leave

• A local in‑person meet‑up program

• Hubs in San Francisco and Toronto

EvenUp is an equal opportunity employer. We are committed to diversity and inclusion in our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Compensation Range: CA$181,011 - CA$274,246