Senior Security Platform Engineer

About the Role

You are invited to join Sun Life as a Senior Security Platform Engineer. This role is for a candidate with 5+ years of experience in information technology and security, becoming a key member of a growing security platform team operating within an agile environment. The ideal candidate will possess the technical prowess to plan, deploy, and manage a diverse array of security technologies, essential for monitoring and protecting sensitive data and systems from infiltrations and cyber-attacks.

What You Will Do

• Deploy and manage Endpoint Security Solutions including CrowdStrike, Netskope, and Semperis.
• Smoothly transition and operationalize projects and products by developing RACI matrices, completing product documentation, and educating BAU teams.
• Analyze information systems using various cybersecurity techniques, lead security initiatives, and manage enterprise-level projects implementing security solutions, including conducting POC/POV for new technologies.
• Support the operations and maintenance of Endpoint Security Solutions (CrowdStrike, Netskope, Semperis).
• Implement risk-driven security controls and provide Subject Matter Expertise (SME) during audits.
• Work independently with high ambiguity, delivering expected outcomes, focusing on deliverables, and building trust with internal clients and peers.
• Deploy, support, and maintain new and existing security technologies within Sun Life, owned and supported by the team.
• Investigate and respond to security incidents, adhering to defined SLAs, and participate in 24x7 on-call support, including major incident management calls.
• Identify business risks and recommend strategies for mitigation.
• Manage the capacity and resiliency of security systems protecting Sun Life’s internal and client data.
• Collaborate with security peers, vendors, and other Sun Life teams to enhance security posture and best practices.
• Act as a change catalyst for Digital transformation, utilizing JIRA and Confluence for estimating stories, setting definitions of done, and tracking updates.
• Document, update, and maintain cybersecurity playbooks, policies, and knowledge base articles for Incident Management and CSIRT processes.
• Continuously improve operational and security platform processes.

What You Will Need to Succeed

• An Information Technology University degree/college diploma in related discipline(s) or equivalent work experience.
• Minimum 5-7 years of Information security and engineering experience with enterprise-level security technologies in one or more areas: Perimeter, Endpoints, Crypto, Cloud, Email Security, Security Visibility, Automation, and Orchestration.
• Minimum 3 years of experience successfully leading global information security projects.
• Experience with end-point detection and response, web content filtering technologies, and active directory threat detection and response.
• Experience in managing 3rd party security service providers for security service delivery.
• Broad exposure to multiple security disciplines and in-depth exposure in Incident Response or Detection Engineering.
• Knowledge of a broad range of security controls and risk management frameworks (NIST & ISO 2700x standards).
• Experience designing secure networks and endpoint systems.
• Experience planning, researching, and developing security policies, standards, and procedures.
• Experience in a system administration role supporting multiple platforms and applications.
• Experience with Windows and Linux-based operating systems.
• Experience in deploying enterprise-level technology via managed projects using Scrum and Kanban methodologies.
• Knowledge of networking technologies, firewalls, web application firewalls, and intrusion detection and prevention systems.
• Knowledge of AWS cloud technologies.
• Knowledge of disaster recovery technologies and methods.

Preferred Skills

• Certifications in data network engineering and/or security: CCNP/CCNP-Security, CCSP, CISSP, GIAC-GCIA, GIAC-GCED, CompTIA, or equivalent security certification.
• Strong spoken and written communication skills with the ability to convey technical issues to peers and management.

What’s In It For You

• Be part of an organization recognized as a 2024 Best Workplaces in Ontario by Great Place to Work® Canada.
• Work for a company recognized by Excellence Canada with the Canada Order of Excellence for Mental Health at Work®.
• Access wellness programs supporting mental, physical, and financial health.
• Opportunities for diverse career paths and extensive networking.
• Benefit from a hybrid work model, offering flexibility between home and office based on business, client, and individual needs.

Key skills/competency

• Endpoint Detection and Response (EDR)
• CrowdStrike
• Netskope
• Semperis
• Information Security
• Cybersecurity
• Risk Management
• Incident Response
• Cloud Security (AWS)
• Agile Methodologies