Job Description

Flexiti is one of Canada’s fastest growing fintech lenders. We aim to make our customers’ lives more affordable and help our retail partners grow their sales by offering flexible financing options. Through our award-winning omni-channel platform, customers can be approved instantly to shop with their FlexitiCard®, which they can use online or in-store to make multiple purchases, within their credit limit, without needing to reapply.
At Flexiti, we work hard, we love what we do, and we have some fun along the way! If you are looking for an energizing and innovative work environment with great people and big ideas, we’d love to have you join us! To learn more about Flexiti, please visit www.flexiti.com
This position is remote capable within Canada
General Description The Security Engineer’s role is to develop and maintain design plans for the overall logical and technical IT security architecture. The incumbent must provide technical leadership and consulting expertise across the organization, from the point of strategic decision making down to project planning and execution. The Security Engineer is also responsible for presenting findings and recommendations at all levels within the company to gain commitment for high-level security plans, as well as initiating and participating in projects to evaluate various technologies and methods for successfully implementing those plans. The incumbent will help bring Flexiti’s vision to life; someone who is passionate about assessing and designing enterprise security systems for on premise and cloud platforms.
Functional Alignment The Sr. Security Engineer conducts a broad range of analyses, defines architectures and solutions, and provides technical recommendations with respect to specific IT service delivery functions defined within the Flexiti Security Service Strategy and Service Design categories, including:

• Architecture Management
  • Defining a blueprint for the future development of the technological landscape, taking into account the service strategy and newly available technologies. The incumbent will be domain expert with business acumen that align to Flexiti’s business strategies on digital transformation and cloud adoption
• Demand Management
  • Understanding and anticipating internal client demand for services. Demand Management is coupled with Capacity Management to ensure that the level of IT provisioning is sufficient to meet the required demand.
• Availability Management
  • Defining, analyzing, planning, measuring and improving all factors related to the availability of IT services thereby ensuring that the IT applications, infrastructure, processes and tools are appropriate for maintaining agreed availability targets.
• Architectural Governance
  • Develop Flexiti’s security Architectural Governance in alignment with Corporate Governance by developing guidance on effective and equitable usage of resources to ensure sustainability of Flexiti’s strategic objectives.
• Application Security
  • Ensure all Flexiti’s applications are developed in a secure manner.

Core Responsibilities Strategy & Planning

• Maintaining an in-depth knowledge of company’s strategic business plans.
• Providing architectural consulting expertise, direction, and assistance to Business Systems Analysts, Business Solutions Architects, Infrastructure team, and Application Developers.
• Evaluating and documenting the company’s existing security architecture and technology portfolio.
• Identify potential sources of application security risk, prioritizing them based on risk impact.
• Developing and documenting multiple options for revised IT architectures and changes to the technology portfolio, with recommendations for security optimization and cost/benefit analyses for each option.
• Provide guidance on Threat Assessment and Response initiatives in alignment with the strategic and operational objectives of the technology organization and the business.
• Understanding and articulating to key stakeholders how information aspects of the Security Architecture help achieve business strategy.
• Developing, documenting, communicating and enforcing a technology standards policy.
• Conducting research on emerging technologies in support of infrastructure development efforts, and recommending technologies that will increase cost effectiveness and infrastructure flexibility.
• Designing, developing and overseeing implementation of end-to-end integrated security systems.
• Identifying where change is required (development of a Gap mitigation plan) in order to keep the Security Architecture vital, sustainable and ready to support business capabilities.
• Ensuring alignment between different domains of IT architecture.
• Defining the Security Architecture framework in order to have non-redundant, integrated, cost-effective solutions with a common foundation for all system.
• Help define and articulate a strategic roadmap to enable Flexiti`s current and future security needs, based on the IT strategic roadmap and Business strategy.
• Support other domain architects - Address technical architectural issues throughout the construction of a solution to ensure that it remains true to the defined technical solution architecture.

Operational Management

• Collaborating with end users and senior management to define business requirements in support of complex systems development efforts and to gain buy-in for all technology plans.
• Accountable to engage with the organization and IT team to identify and prioritize continuous improvement in Cyber response capabilities.
• Provide guidance for the delivery of the Cyber Incident Response Program.
• Work with external (Third parties) and internal clients (Internal Audit) to remediate identified gaps.
• Reviewing new and existing IT projects, systems designs and procurement/outsourcing plans for compliance with IT standards and architectural plans.
• Providing guidance to junior members of the team.
• Occasional after-hours work required.
• On-Call availability is required.

Position Requirements Formal Education & Certification

• University degree in Computer Science, Engineering, Mathematics or a related disciple.
• Security, infrastructure and application design certifications preferred.
• CISSP, CEH, CISM, OSCP, and other certification are preferred.

Knowledge & Experience

• 10+ relevant experience, with 5+ years work experience as an Security Engineer/Architect.
• Extensive knowledge in application security principles.
• Good working knowledge application security testing methodology such as SAST & DAST
• Good working knowledge of OWASP standards.
• Working knowledge of application Security tools such as SonarQube and Veracode
• Good understanding of the architectural principles of cloud-based platforms including IaaS, PaaS and SaaS. In AWS and Azure.
• Good understanding of cloud security.
• Hands-on experience with business requirements gathering and analysis.
• Proven experience in systems design and development.
• Strong understanding of information processing principles and practices.
• Working knowledge of security standards (ISO 27001, NIST 800-53, etc.) frameworks (NIST Cybersecurity, etc.) and regulations (particularly in financials) is preferred.
• Solid knowledge of network technologies, hardware platforms and operating systems.
• Solid understanding of security requirements through entire technology stack and current software, protocols and standards.
  
• Excellent knowledge of hardware and software evaluation principles and practice.
• Knowledge of multiple programming languages, development methodologies and enterprise security practices.
  
• Proven project planning and management experience.
• Strong knowledge of Cyber Simulations, Threat Modelling, and Penetration testing
• Good knowledge of applicable data privacy practices and laws.
• Exceptional analytical, conceptual, and problem-solving abilities.
• Excellent understanding of the organization’s goals and objectives

Flexiti embraces diversity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. All qualified applicants will receive consideration without regard to race, ancestry, place of origin, colour, ethnic origin, citizenship, creed, sex, sexual orientation, gender expression, disability, age, marital status, or family status. If you require disability-related accommodation during the application or interview process, simply let us know and we’ll work with you to ensure you have a positive experience.