Security Engineer

Security Engineer

Information Security Unit

Permanent

Job Requisition#: JR100834

Closing Date: May 21, 2026

The Ontario Securities Commission (OSC) is the statutory body responsible for regulating Ontario’s capital markets in accordance with the mandate established in the provincial Securities Act and the Commodity Futures Act. The mandate of the OSC is to provide protection to investors from unfair, improper or fraudulent practices, to foster fair, efficient and competitive capital markets and confidence in the capital markets, to foster capital formation, and to contribute to the stability of the financial system and the reduction of systemic risk. This mandate is performed through policy, operational, and enforcement activities. The OSC also contributes to national and global securities regulation development.

We offer a diverse, fair, and flexible work environment and take pride in our challenging and rewarding work.

This opportunity is considered to be a business critical role supporting the Information Security business unit.

Summary

The Security Engineer will design and implement security systems to protect the OSC’s systems from cyber-attacks and help set and maintain security standards. They will monitor networks and systems, detect security threats ('events'), analyze and assess alarms, and report on threats, intrusion attempts and false alarms, either resolving them or escalating them, depending on the severity. This role is responsible for having a deep understanding of current OSC Cyber Security systems, the broader technological environment and playing a pivotal role in ensuring the implementation of solid cyber security solutions in support of the IT modernization. This role supports the Chief Information Security Officer in performing the operational work required to implement the OSC Information Security Program.

Key Duties and Responsibilities

Responsible for vendor management, identifying new technology, resolving vendor issues, negotiating statements of work and design solutions.

Accountable for the implementation of the OSC’s security systems or controls.

Work closely with the Information Services & Digital Solutions (ISDS) Division staff during the implementation of technology projects.

Implements and configure cyber security tools and integration components working with the infrastructure and Enterprise Architecture units to ensure optimal integration between platforms.

Assist infrastructure teams in troubleshooting cyber security related integration issues and provides guidance on appropriate technological resolutions.

Work closely with Management on the procurement process to evaluate vendors and assessment of products based on defined requirements.

Test and evaluate new security products to assess alignment with OSC ecosystem and make recommendation to Management.

Identify, prioritize, and mitigate vulnerabilities across all assets in the OSC to ensure that Security incidents & Vulnerability/Patch Management is proactively managed, and security issues are triaged and remediated.

Monitor and take the necessary action on attacks, intrusions, unusual/unauthorized activity, phishing emails and spam activity.

Investigate security alerts/breaches and provide the necessary incident response while providing recommendations to remediate the issue.

Proactively determine emerging threat patterns / vulnerabilities and identify potential weaknesses using advanced analytic tools and appropriate security controls.

Research and evaluate emerging cyber security threats and make recommendations on approaches and strategies to mitigate them.

Liaise with the ISDS and stakeholders in relation to security issues and to provide recommendations.

Generate qualitative reports on privileged accounts and vulnerabilities (etc.) for both technical and non-technical staff to understand our security risk and monitor progress on the necessary remediations.

Develop and maintain documentation for various security systems and applications.

Keep up to date with the latest security and technology developments.

Assist with the creation, maintenance, and delivery of information security awareness training campaigns.

Plan for disaster recovery and create contingency plans in the event of any security disruptions to normal operations.

Provide guidance to junior-level staff relating to monitoring of systems and supports the evolution of the OSC Information Security Program.

Qualifications

A relevant degree Computer Science or a comparable field of study, or certificate in Information Security (or equivalent experience)

Industry certifications such as CISSP, Certified Information Systems Security Professional or GISP, GIAC Information Security Professional are preferred

A minimum of 7-10 years of relevant experience in IT security or information risk management

Strong knowledge of technology and security topics including network and application security, infrastructure hardening, security baselines, web server, and database security

Solid understanding of general networking principles and common protocols

Familiar with ISO/IEC 27000 family of standards for Information Security Management, NIST series of standards related to Information Security and Risk Management and other best practices for information security

Good working knowledge of various security technologies such as network and application firewalls, segmentation, policy management, proxies, web filtering, SIEM, end point protection, secure remote access solutions (VPN, SSO & MFA) anti-virus and security operations

Experience in vulnerability assessment scanning, secure code, and infrastructure security reviews for internal and external facing (web) applications

Experience with system development lifecycles (SDLC) and embedding security assurance into the planning, implementation, testing and deployment of solutions

Experience with Public Key Infrastructure (PKI) management

Experience with cloud security & integration (preferably Azure Cloud)

Experience with Pao Alto Firewalls, PRISMA and related technologies

Experience with Azure Premium Firewalls, Network Security Group (NSG) and related technologies

Experience with Cisco switches and related technologies

Familiarity with some or all of Microsoft Security set of products, and depth experience in at least 1 of the following: Azure Sentinel, Azure Security Center (ASC), Windows Defender Advanced Threat Protection (WDATP) Microsoft Cloud App Security Broker (CASB) Solutions - Microsoft Cloud App Security (MCAS) / Office 365 Cloud App Security (OCAS) / Azure AD Cloud App Discovery Office 365 Advanced Threat Protection (O365 ATP), Office 365 Threat Intel (O365 TI), Azure Advanced Threat Protection (Azure ATP).

Solid understanding of TCP/IP, BGP, OSPF and related protocol stack

An understanding of the information security risks associated with various technologies and ways to manage them

Familiar with ITIL Change Management process

Analytical and problem-solving skills to identify and assess risks, threats, patterns, and trends

Strong oral and written communication skills

Excellent attention to detail

Teamworking skills to collaborate with team members and clients

An ability to work under pressure, particularly when dealing with threats and at times of high demand

Time-management and organisational skills to manage a variety of tasks/competing priorities and meet deadlines

Integrity and a passionate commitment to IT security as a profession

Grow your career and make a difference working at the OSC.

We thank all applicants for their interest in the Ontario Securities Commission. We will contact those selected for an interview.

The OSC is committed to diversity and providing an inclusive workplace and providing accommodation in accordance with the Accessibility for Ontarians with Disabilities Act and the Human Rights Code. It is our priority to ensure employment opportunities are visible and barrier-free to all under-represented groups including but not limited to, Indigenous, Black and racialized groups, people with disabilities, women and people from the 2SLGBTQI+ community, to achieve an employee demographic profile reflective of the demographic profile of Ontarians.

The OSC is a proud partner with the following organizations: Ascend Canada, BlackNorth Initiative, Canadian Centre for Diversity and Inclusion, and Pride at Work Canada

If you require an accommodation during the recruitment process, please let us know by contacting our confidential inbox HRRecruitment@osc.gov.on.ca.

Visit Accessibility at the OSC to review the OSC’s policies on accessibility and accommodation in the workplace.