Job Description

Overview of the role

Join us at PolicyMe! We're modernizing insurance and we’d like your help. The Canadian insurance landscape has remained largely unchanged for decades, and we are in the process of changing that. We're a remote-first, Toronto-based startup with big ambitions.

About the role

As a dedicated Security Engineer, you’ll play a mission-critical role in defining and implementing the practices, tools, and architecture that will safeguard our infrastructure, data, and applications. This is a high-impact, high-autonomy opportunity to build a security foundation from the ground up while directly influencing how we scale safely and intelligently.

You’ll work cross-functionally with all teams to reduce risk, operationalize security, and ensure we can meet the needs of a growing fintech platform with best-in-class standards.

Our tech stack: React, Redux, Python, Webpack, Gatsby,  Node.js , PostgreSQL, AWS

• Design and implement security architecture across cloud, infrastructure, endpoints, and applications using tools like AWS Security Hub, IAM, GuardDuty, CloudTrail, Inspector, etc.
• Integrate static and dynamic security testing into CI/CD pipelines (e.g. SonarQube, GitHub Actions).
• Manage tools such as SIEM, firewalls, MDM, VPN, and EDR. Automate alerting, patching, and rulesets wherever possible.
• Lead security reviews, threat modeling, and secure coding practices in collaboration with engineering.
• Drive incident response processes, from detection and triage to resolution and post-mortem.
• Support SOC2 compliance efforts including evidence gathering, access reviews, and internal audits.
• Define and operationalize vulnerability management workflows, asset monitoring, and risk mitigation.
• Educate teams on secure development, OWASP standards, and emerging threats. Promote a security-first mindset across the org.
• Collaborate with leadership to evolve PolicyMe’s security roadmap and tooling strategy.

• 5+ years of experience in infrastructure and/or application security , ideally in startup or scale-up environments.
• Strong grasp of AWS cloud security fundamentals and tooling (IAM, VPC, KMS, S3, Security Hub, etc).
• Experience with integrating security controls into CI/CD pipelines and engineering workflows.
• Hands-on scripting ability (e.g. Python, Bash) to automate processes and handle operational tasks.
• Excellent communicator with the ability to articulate risks and solutions to both technical and non-technical stakeholders.
• A proactive problem-solver who thrives in autonomous roles and can define and drive strategy with limited oversight.
• Comfortable managing a broad security surface area : from endpoint security to cloud misconfigurations to compliance support.

Reports To: DevOpsSec Manager

• Generous PTO - 20 vacation days
• Access to stock options and a comprehensive benefits plan
• A remote-first team with company paid, in-person socials and the option to work from our Toronto-based office
• Resources to help your professional development, including an L&D budget, performance reviews twice a year and ongoing feedback to ensure you reach your highest potential
• Work with an empathetic, high-performing team in a flexible, results-oriented environment

Job Tags

Similar Jobs