Role: Principal Consultant - Cybersecurity & Agentic AI
Location: Toronto, ON (Need Onsite day 1, Hybrid 4 days from office)
Duration: Full-time Opportunity
Looking for candidates with hands-on agentic AI engineering, strong offensive security (pen testing, red teaming, exploit dev), and a strong development background. This role needs someone who personally builds and operates agentic AI systems, writes production code, and breaks into things.
Job Description:
- 10 years of hands-on experience across software engineering, offensive security, and defensive security at a principal engineer level, with demonstrated personal contributions to production codebases and published vulnerability research or penetration testing engagements.
- Advanced technical proficiency in multiple programming languages (Java, C#, C, C++, Python, JavaScript/Go) with proven ability to personally write, review, and remediate production code.
- Deep fluency in vulnerability classes including memory safety, injection, authentication and authorization flaws, cryptographic misuse, deserialization, race conditions, and supply chain attacks, with hands-on experience finding and exploiting each.
- Extensive hands-on experience with penetration testing, red teaming, exploit development, reverse engineering, and secure code review against OWASP Top 10 and SANS 25, combined with defensive engineering experience building detection and remediation capabilities.
- Extensive hands-on experience with application security testing tools (SAST, DAST, IAST, SCA), including tuning, false positive analysis, exemption workflow design, and enterprise vulnerability management at scale.
- Deep technical fluency with agentic AI coding tools and frameworks (Claude, Devin, Copilot, Windsurf, Cursor, MCP), including prompt engineering, agent orchestration, reusable skill and tool design, guardrail design, and evaluation.
- Strong architectural knowledge of modern container platforms (Docker, Kubernetes), cloud-native deployment patterns, and integration of security automation into developer workflows.
Preferred but not required:
- Relevant security certifications (OSCP, OSCE, OSEP, GXPN, GWAPT, CISSP, or equivalent).
- Experience in financial services or highly regulated industries with exposure to SOX, SOC1, and regulatory audit.
- Public evidence of offensive capability: published CVEs, bug bounty track record, conference talks (DEFCON, Black Hat, Offensive Con, Recon), CTF placements, or open-source security tooling contributions.
- Hands-on experience with enterprise vulnerability tooling (Tenable, Aqua, Snyk, BrightSec) and remediation at scale.
- Demonstrated ability to advise senior technology leaders and deliver within complex multi-stakeholder enterprise environments.
Thanks
Sanjay Kumar