Senior Security Platform Engineer
Sun Life · Waterloo, ON
- On site
- Full-time
- CA$140,000 / year
- Waterloo, ON
This role may have been filled. Drop your résumé and we'll check if it's still open — or find you similar roles.
Job highlights
- Lead security platform design and implementation.
- Enhance corporate and production system security.
- Manage security technologies and projects.
- Respond to security incidents.
- Collaborate with IT teams on security.
About the role
Senior Security Platform Engineer
Sun Life is seeking a Senior Security Platform Engineer to plan, design, implement, and monitor security technologies. This role involves supporting security platforms and products, developing use case scenarios, and enhancing the security of corporate and production systems. You will collaborate with various IT teams to identify business risks and lead the implementation of security solutions to protect sensitive information.
Key Responsibilities:
- Deploy, administer, and enhance Mandiant Security Validation (MSV) within the Security Visibility program.
- Analyze information systems using cybersecurity techniques and lead security initiatives and enterprise-level projects.
- Deploy, support, and maintain new and existing security technologies.
- Implement risk-driven security controls and provide Subject Matter Expertise (SME) during audits.
- Investigate and respond to security incidents, adhering to defined SLAs.
- Identify business risks and recommend mitigation strategies.
- Manage the capacity and resiliency of security systems.
- Collaborate with security peers, vendors, and other Sun Life teams to improve security posture.
- Act as a change catalyst for Digital Transformation using JIRA and Confluence.
- Transition and operationalize projects and products, including documentation and training.
- Document, update, and maintain cybersecurity playbooks, policies, and knowledge base articles.
- Continuously improve operational and security platform processes.
What You Need to Succeed:
- Minimum 5-7 years of information security and engineering experience with enterprise-level security technologies (Perimeter, Endpoints, Crypto, Cloud, Email Security, Security Visibility, Automation/Orchestration).
- Minimum 3 years of experience leading global information security projects.
- Previous security experience in penetration testing, security investigations, or red team exercises.
- Experience with security control validation (e.g., MSV), including MITRE ATT&CK mapping and translating findings into improvements.
- An Information Technology University degree/college diploma or equivalent work experience.
- Experience with security validation/breach-and-attack simulation platforms (e.g., Mandiant Security Validation (MSV)).
- Experience managing 3rd party security service providers.
- Broad exposure to multiple security disciplines and in-depth exposure in Incident Response or Detection Engineering.
- Knowledge of NIST & (ISO) 2700x standards.
- Experience planning, researching, and developing security policies, standards, and procedures.
- Experience in a system administration role supporting multiple platforms and applications.
- Experience with Windows and Linux based operating systems.
- Experience deploying enterprise technology using Scrum and Kanban methodologies.
- Knowledge of networking technologies, firewalls, WAFs, and IDS/IPS.
- Knowledge of AWS cloud technologies.
- Knowledge of disaster recovery technologies and methods.
- Extensive knowledge of Information Security principles, protocols, practices, and industry standards.
Preferred Qualifications:
- Certifications in data network engineering and/or security (e.g., CCNP/CCNP-Security, CCSP, CISSP, GIAC, CompTIA).
Preferred Skills:
- Strong oral and written communication skills.
- Problem-solving abilities with a focus on timely resolution and skillful analysis.
- Exceptional troubleshooting skills.
- Analytical skills for synthesizing complex information.
- Critical thinking to develop alternative solutions.
- Strong leadership and teamwork skills.
- Pragmatic understanding of security problems as a mix of technology and process.
- Solid understanding of existing and emerging Information Security technologies.
- Self-starter, strategic thinker.
- Strong hands-on technical skills in security risks and solution implementation.
- Strong investigative mindset with attention to detail, ownership, urgency, and drive.
Note: Participation in 24x7 on-call support is required, including major incident management calls.
What’s in it for you:
- Recognition as a 2026 Best Workplaces in Canada by Great Place to Work® Canada.
- Recognition by Excellence Canada for Mental Health at Work®.
- Wellness programs supporting mental, physical, and financial health.
- Opportunities for career growth and networking.
- Hybrid work environment offering flexibility.
Key Skills/Competency:
- Security Platform Engineering
- Information Security
- Risk Management
- Incident Response
- Security Technologies
- Cloud Security
- Automation
- Project Leadership
- Vulnerability Management
- Network Security
Skills & topics
- Senior Security Platform Engineer
- Security Engineering
- Information Security
- Cybersecurity
- Platform Security
- Cloud Security
- Incident Response
- Risk Management
- Security Operations
- Mandiant Security Validation
- AWS
- NIST
- ISO 27001
- Scrum
- Kanban
- MITRE ATT&CK
How to get hired
- Tailor your resume: Highlight your 5-7 years of security engineering experience and specific skills in areas like cloud security, automation, and incident response to match the job description.
- Showcase project leadership: Emphasize your 3+ years of leading global information security projects and any experience with penetration testing or red team exercises.
- Demonstrate technical expertise: Detail your proficiency with security validation platforms (like MSV), knowledge of NIST/ISO standards, and experience with both Windows/Linux OS and cloud technologies (AWS).
- Prepare for technical and behavioral interviews: Be ready to discuss your problem-solving approach, analytical skills, critical thinking, and how you handle ambiguity and lead teams in security initiatives.
Technical preparation
Master security validation tools like MSV.,Review MITRE ATT&CK framework.,Practice AWS cloud security configurations.,Prepare for incident response scenarios.
Behavioral questions
Describe leading a complex security project.,How do you handle ambiguity in tasks?,Explain your approach to risk identification.,How do you collaborate with other teams?
Frequently asked questions
- What are the core responsibilities for a Senior Security Platform Engineer at Sun Life?
- The core responsibilities include planning, designing, implementing, and monitoring security technologies, supporting security platforms, developing use cases, and enhancing the security of Sun Life's systems. You'll also investigate incidents, manage security systems, and collaborate with various IT teams.
- What experience is required for the Senior Security Platform Engineer role at Sun Life?
- A minimum of 5-7 years in information security and engineering with enterprise-level technologies is required, along with at least 3 years of experience leading global information security projects. Experience with security validation platforms like Mandiant Security Validation (MSV) is also crucial.
- What technical skills are most important for this Sun Life security role?
- Key technical skills include experience with enterprise security technologies (perimeter, endpoint, cloud, etc.), security control validation, incident response, detection engineering, NIST/ISO standards, Windows/Linux OS, AWS cloud technologies, and networking. Familiarity with Scrum/Kanban is also beneficial.
- What kind of work arrangement can I expect as a Senior Security Platform Engineer at Sun Life?
- Sun Life operates as a hybrid organization. This means you and your leader will determine where you work—at home or in the office—based on business and client needs, offering flexibility in your work arrangement.
- Does Sun Life offer opportunities for professional development and career growth for this role?
- Yes, Sun Life emphasizes career growth and offers opportunities to move along various career paths. They also provide excellent networking potential and recognition for being a great workplace, fostering employee development.
- What are the benefits of working as a Senior Security Platform Engineer at Sun Life?
- Benefits include recognition as a top workplace, comprehensive wellness programs for mental, physical, and financial health, and opportunities for career advancement. The hybrid work model also provides flexibility.
- Is on-call support required for the Senior Security Platform Engineer position at Sun Life?
- Yes, participation in 24x7 on-call support is a requirement for this role. This includes joining major incident management calls to provide necessary support and consultation.