Senior Security Engineer

About The Position

Requirements

• 6+ years of experience in information security, with a focus on application security, cloud security, or security engineering.
• Experience working at a SaaS company with production environments in AWS.
• Strong application security skills including code review in Python and/or Java/Kotlin, API security, and familiarity with common web application vulnerabilities (OWASP Top 10).
• Hands-on experience with SAST tools (Semgrep, Snyk, Checkmarx, or GitHub Advanced Security) and integrating them into CI/CD pipelines.
• Working knowledge of AWS security services (Security Hub, GuardDuty, WAF, EC2 Image Builder, SSM) and infrastructure-as-code tools like Terraform.
• Proficiency in Python for security automation, scripting, and API integrations.
• Incident response experience in a structured IR program, with the ability to mature processes and lead investigations.
• Ability to identify strategic security gaps, build a roadmap, and drive initiatives to completion with minimal oversight.
• Strong communication skills with the ability to translate security risks into business context for both technical and non-technical audiences.

Nice To Haves

• Experience with server-side EDR platforms (SentinelOne or CrowdStrike Falcon).
• Familiarity with container security and Kubernetes environments.
• Relevant certifications (CISSP, GCIH, AWS Security Specialty, OSCP, or similar).
• Experience with WAF rule management and DDoS mitigation strategies.

Responsibilities

• Evaluate Canopy’s security posture across application, cloud, and infrastructure layers. Identify gaps, prioritize remediation, and own roadmap items through to completion.
• Lead application security efforts including code review across Python and Java/Kotlin codebases, API security assessments, and secure development guidance for engineering teams.
• Integrate and manage SAST tooling (Semgrep, Snyk Code, Checkmarx, or GitHub Advanced Security) within CI/CD pipelines (GitHub Actions/GitLab). Own finding triage, rule tuning, and false positive management.
• Collaborate with DevOps on AWS cloud security posture, including Security Hub, GuardDuty, WAF rule management, AMI/golden image pipelines, and infrastructure-as-code security via Terraform.
• Mature and evolve Canopy’s incident response program, improving playbooks, processes, and readiness.
• Build security automation and tooling using Python, including API integrations, data enrichment workflows, and tool orchestration.
• Partner cross-functionally with engineering, DevOps, and IT to embed security into development and operational workflows.

Benefits

• Flexible Paid Time Off - you’re actually encouraged to use, plus 10 company holidays!
• Health Benefits - including Medical, Dental, and Vision and an HSA Match.
• 401(k) - we match 100% up to 3% of your contribution. Eligibility is immediate with 100% vesting.
• Mental Health - all employees have access to Impact Suite & to our Employee Assistance Program (EAP).
• Paid New Parent Leave & Birthing Parent Leave - so you’re able to care for your little ones.
• Supplemental Benefits - including 100% company paid Basic Life & AD&D insurance and long & short-term disability coverage.
• Nectar - our peer-to-peer recognition program to help our employees recognize the amazing work being done by other Canopians!
• Company Events - including monthly company-wide meetings, summer parties, and more.
• ERG Committees - to plan initiatives around continuing education, community outreach, recruiting, onboarding, and more.
• Fully-stocked kitchen - Keto? Vegan? Flexitarian? Mandalorian? We’ve got you covered.