Haventree Bank is a private Canadian Schedule 1 bank specializing in alternative mortgage programs and insured GIC deposits. We help hardworking Canadians from coast-to-coast achieve homeownership by offering flexible mortgage solutions. Our insured GIC deposits offer competitive rates and are available through a variety of wealth management platforms.
About Haventree Bank
Headquartered in Toronto, Ontario, Haventree Bank (Haventree) is a mission-driven alternative mortgage lender. The name Haventree is representative of the bank's mission to help its customers find a place of refuge and to lay down new roots for the future. Haventree exists to be a catalyst of financial security and upward mobility for Canadians who are underserved by the traditional financial system.
Position Summary:
Reporting to the Director, Information Security, the Senior Cloud Security Engineer role is accountable for the security architecture and assurance of our cloud environments by embedding security into the software delivery lifecycle (SDLC) through modern DevSecOps practices. You will lead the design of secure cloud solutions, drive cloud governance and Zero Trust practices, and partner with engineering to ensure our platforms, applications, and CI/CD pipelines are secure, resilient, and compliant. The ideal candidate brings deep technical cloud security expertise, strong architectural instincts, and the ability to translate complex security risks into clear, actionable engineering guidance.
Major Duties & Responsibilities:
- Act as a technical owner for key cloud security platforms, influencing configuration, detection logic, and roadmap in partnership with operations teams.
- Define and maintain cloud security reference architectures in a multi-cloud environment, covering identity, network segmentation, encryption, workload protections, logging/monitoring, and secure service integration.
- Establish secure patterns for Infrastructure as Code, including secure-by-default templates, scanning expectations, and drift considerations.
- Review and enhance CI/CD pipelines for security best practices, integrating modern supply chain security controls (artifact signing, SBOMs, dependency scanning, pipeline integrity).
- Review and enhance security configurations for our Customer Identity and Access Management (CIAM) platform, ensuring secure access and compliance with privacy regulations.
- Lead structured threat modeling for critical applications, cloud services, and third-party integrations, ensuring outputs become actionable mitigations and delivery backlog items.
- Define requirements for encryption and key management for data at rest and in transit; establish secure secrets management practices across cloud and CI/CD.
- Perform architecture and security reviews for designs and major changes, focusing on trust boundaries, identity flows, API security, data classification, encryption, logging/monitoring, and third-party risk considerations.
- Partner with platform and engineering teams to ensure designs support resilience, availability, disaster recovery, and secure failover, consistent with business continuity requirements.
- Develop roadmaps and recommendations to drive enhancements to cloud security architecture, governance, and standards. Identify, incorporate, and articulate cloud security best practices such as DevSecOps strategy, Zero Trust design, and cloud incident response.
- Perform security reviews and maturity assessments across technology and business teams to address cyber risk. Provide clear and organized risk findings and recommendations to business teams.
- Partner with engineering teams to mentor, coach, and advocate for secure-by-design practices across development and operations.
- Stay ahead of evolving cloud security threats and methodologies, applying them to strengthen security guardrails, CI/CD pipelines, and engineering best practices.
Qualifications & Experience:
Degrees, Diplomas & Certifications:
- Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience.
- Desirable certifications: relevant security certifications such as Azure Security Engineer Associate (AZ-500), AWS Certified Security Specialty, CCSP, OSCP, CISSP.
Years and Range of Experience Required to Perform the Job:
- 7 years in cybersecurity, with 5 years focused on cloud security engineering/architecture (Azure preferred; AWS an asset), including leadership of cross-functional initiatives.
- Hands-on experience with CNAPP and cloud governance solutions such as Microsoft Defender for Cloud, Azure Policy, or AWS Control Tower.
- Expertise in cloud security architecture, particularly:
  - Identity and access management (OAuth2, OIDC, JWT, federation, CIAM)
  - Network micro-segmentation and Zero Trust design
  - Data protection, encryption, secrets management
  - API security best practices and securing third-party integrations
- Proven experience conducting structured threat modeling and embedding outputs into engineering workflows.
- Strong experience securing Infrastructure-as-Code (Terraform preferred), including policy-as-code frameworks (OPA/Rego, Sentinel, Azure Policy).
- Experience building or maintaining cloud-native SIEM and detection engineering (e.g. Microsoft Sentinel), including threat detection, incident analysis, and automation.
- Experience supporting cloud incident response, including log analysis, identity compromise investigation, and containment in Azure/AWS environments.
- Knowledge of cloud supply chain security, including SBOMs, signed builds, dependency scanning, and pipeline integrity (SLSA or similar frameworks).
- Excellent collaboration and communication skills, with the ability to explain complex security concepts to developers and non-technical stakeholders.
- Familiarity with securing cloud-based data platforms, analytics services, and emerging AI/ML workloads.
- Solid understanding of OWASP, NIST, CIS benchmarks, and cloud security frameworks.
- Familiarity with financial industry regulatory and compliance standards (e.g. PIPEDA, OSFI, SOC 2).
While we thank everyone for their interest in Haventree Bank, please note that only candidates selected for an interview will be contacted. Haventree Bank is committed to providing accommodation when needed. If you require an accommodation, we will work with you to meet your needs.
- As a job candidate, our recruitment process includes collecting personal information. Please click the link here to review our Privacy Policy. Privacy Statement Haventree Bank
- Stay in touch with us: if this position is not the right one for you, please click on this link for other roles at Careers Haventree Bank or follow us on LinkedIn at Bank embraces equal opportunity, diversity and inclusion. Please let us know if you require any accommodations during the recruitment and selection process by contacting
Required Experience:
Senior IC