Cyber Security Resource (12 Month Contract)

Location: Hybrid/Burnaby

Staffing Placement Opportunity

Core Experience & Background

1. 5–8+ years of progressive experience in information security, with a strong focus on cloud security architecture and operations.
2. Proven experience securing public cloud platforms (Azure and/or AWS required; GCP an asset), including IaaS, PaaS, and SaaS workloads.
3. Hands-on experience supporting regulated environments (e.g., financial services, insurance, healthcare), including protection of PII and sensitive business data.
4. Demonstrated ability to operate at both strategic and hands-on levels, influencing architecture while remaining technically deep.

Cloud Security & Architecture

1. Deep understanding of cloud-native security controls, including:
2. Identity and Access Management (IAM), Conditional Access, Privileged Identity Management (PIM)
3. Network security (VNETs/VPCs, firewalls, private endpoints, service endpoints)
4. Data protection (encryption at rest/in transit, key management, HSMs, tokenization)
5. Secure workload design (container security, serverless security, VM hardening)
6. Experience designing and enforcing secure cloud landing zones and governance guardrails.
7. Strong knowledge of shared responsibility models across cloud service providers.

Security Operations & Monitoring

1. Experience implementing and operating cloud security monitoring and detection capabilities such as:
2. CSPM / CNAPP solutions
3. SIEM and SOAR platforms (e.g., Microsoft Sentinel)
4. Native cloud security tooling (e.g., Defender for Cloud, AWS Security Hub)
5. Ability to investigate, respond to, and remediate cloud security incidents.
6. Experience integrating cloud telemetry into enterprise SOC processes.

Risk Management & Compliance

1. Strong background conducting security risk assessments and security threat and risk assessments (STRAs) for cloud services and vendors.
2. Working knowledge of relevant security frameworks and standards:
3. NIST CSF / NIST 800?53
4. ISO 27001/27002
5. CIS Benchmarks and CIS Controls
6. Experience supporting compliance and audit activities (e.g., SOC 2, PCI DSS, SOX, privacy requirements).

DevSecOps & Automation

1. Experience embedding security into CI/CD pipelines and infrastructure as code (IaC) (e.g., Terraform, ARM/Bicep).
2. Familiarity with secure SDLC practices, code scanning, and cloud configuration validation.
3. Ability to define and promote “security as code” and policy as code approaches.

Vendor & Stakeholder Engagement

1. Experience performing third party and SaaS security reviews, including architectural assessments.
2. Ability to partner effectively with:
3. Cloud engineering and platform teams
4. Application development teams
5. Infrastructure, operations, and vendor management
6. Strong written and verbal communication skills, with the ability to explain complex security risks to non technical stakeholders.

Leadership & Professional Skills

1. Proven ability to lead
2. Strong analytical, documentation, and decision making skills.

Certifications (Preferred)

1. One or more of the following:
2. CISSP, CISM, or CRISC
3. Cloud specific certifications (e.g., AZ?500, AWS Security Specialty)
4. Experience with PCI-DSS

Note; this is an opportunity with a Microserve client.