Senior Security Engineer

TRADER Corporation is a trusted Canadian leader in online media, dealer and lender services. The company is comprised of AutoTrader.ca, AutoSync and Dealertrack Canada. AutoTrader.ca (AutoHebdo.net in Quebec) offers the largest inventory of new and used cars in Canada, receiving over 25 million monthly visits to its marketplace. With over 3,500 subscribers and counting, AutoSync is the largest and fastest growing dealer and OEM software provider in Canada. The platform's suite of connected automotive software solutions brings advertising, conversion and operational support together, synchronizing the entire retail process.

Be part of our Information Security team that is a highly skilled group supporting all our teams to build and run secure digital products. We have understood that cyber security is an essential part of our business and including it in all our initiatives is natural. We are looking for Security Engineers that really care – for you!

What You'll Do:

1. Leads the design and development of security products and ensures they integrate smoothly with the technology best-practices, product segments way of work, cross-functions customer perspective.
2. Evangelizes the use of the security products their team provides and consults other teams on use-cases and best practices especially with regards to platform model and standardization.
3. Helps define security best practices and increases company-wide adoption.
4. Leads the technical design of the products being built within the team.
5. Leads knowledge-sharing, quality improvement and customer adoption improvements.
6. Responsible for multiple technical areas or processes within the team. Leads technical discussions and improvements around them.
7. Takes end-to-end ownership for one or more technical areas’ security products developed within the team, participates on the on-call setup within Information Security department and troubleshoots security incidents.
8. Occasionally acts as a security incident commander as defined in the Security Incident Management process.

What We're Looking For:

1. Genuine interest and passion for Security.
2. Strong knowledge of attack vectors and defense strategies (e.g. OWASP Top 10).
3. Hands-on experience on building secure architectures leveraging open-source solutions.
4. Hands-on experience in AWS Cloud security architecture and development.
5. Deep experience working with software engineers and providing security consultancy in the SDLC process.
6. Deep understanding of SAST, DAST and their use in development pipelines.
7. Proficiency with at least one programming language (preferably Python but it's not a must).
8. Experience with our stack of technologies:

• AWS
• CloudFormation
• ECS
• ELK stack
• Docker
• Kubernetes
• Different SaaS solutions (e.g. GitHub, Auth0)
• Tomcat/JVM based stacks
• Python based backend tools

If this appeals to you but you are in doubt about how exactly your skills match our requirements - we value personality, ambition and an open mind. Don’t hesitate to get in touch and present your personal strengths to us.

What’s in it for you…

We understand that there is life at work and life outside of work. Here are a few benefits we all benefit from that support us to be our creative best.

Fitness and wellness

We provide discounts to nation-wide gyms, onsite gyms (when we’re in the office), an Employee and Family Assistance Program, as well as a virtual wellness program.

Benefits from Day 1

• Gym discounts
• Local in-office free gyms
• Employee and Family Assistance program
• Weekly virtual wellness events
• Conferences & training budget
• Regular internal training programs

Financial planning

Let us help you invest in your future with 3% matching towards your pension and multiple forms of income protection.

Competitive salary

Annual bonus structure, 3% CPP matching.