Cloud Security Engineer

OverviewEnStream is a leader in secure digital identity and mobile data intelligence, working to advance the future of digital trust in Canada. We build innovative data-driven models that enhance the integrity, reliability, and safety of digital identity ecosystems.Our mission is to empower frictionless trust in every interaction. EnStream is dedicated to increasing trust and convenience for Canadians using real-life, verified identities and network data held by trusted telco networks. At EnStream, every team member plays a critical role in shaping our strategy and delivering meaningful impact across industries.About the RoleEnStream is seeking a Cloud Security & Compliance Engineer to join our team as a full-time internal security leader. This role serves as the company’s primary authority on cloud security, application security, data protection, and governance.While day-to-day infrastructure and security operations are handled by an external operations partner, this position owns EnStream’s security strategy, risk management, and compliance posture. You will play a central role in shaping how security is embedded into product development, cloud architecture, and operational processes.You will also act as the internal owner for SOC 2 and ISO 27001, work directly with customers and partners on security matters, and continuously improve EnStream’s security maturity as the company grows.This is a hands-on, senior individual-contributor role with strong influence across engineering, product, and leadership.What You'll DoServe as the internal security owner for EnStream’s cloud platform, applications, and data.Review and guide security design for new products, features, and architectural changes on AWS.Define, document, and maintain secure development and deployment standards (e.g., API security, authentication, secrets management, logging, input validation).Own data security and privacy practices, with a strong focus on PII: classification, encryption, access control, retention, and secure disposal.Lead responses to client and partner security assessments, audits, and due-diligence questionnaires.Manage third-party and partner security risk, including risk assessments, tracking, and mitigation plans.Act as the internal owner for SOC 2 and ISO 27001, coordinating with external advisors to:Define and maintain controlsMap requirementsSupport evidence collection and auditsDefine security requirements and expectations for the external operations partner (incident response, monitoring, patching SLAs, access reviews).Review security incidents, vulnerability reports, and audit findings and drive remediation and improvement.Maintain and evolve security policies, standards, and procedures aligned with PIPEDA, NIST, and customer expectations.Maintain a security risk register and regularly report on security posture and key risks to senior leadership.What You BringMust-Have Skills & Experience5+ years of experience in information security, with strong exposure to cloud (AWS) and application security.Deep understanding of AWS security services and concepts, such as: IAM, KMS, GuardDuty, Security Hub, CloudTrail, Config, WAF, MacieExperience designing or enforcing security controls in regulated or high-assurance environments (e.g., fintech, identity, government, healthcare).Working knowledge of SOC 2 and/or ISO 27001, including audit preparation or control implementation.Solid understanding of PII protection and privacy regulations (PIPEDA or similar).Proven ability to collaborate with software engineers, architects, and external vendors.Strong communication skills, with the ability to clearly explain security risks and trade-offs to technical and non-technical audiences, including customers.Nice-to-Have Skills & ExperienceEnd-to-end experience leading SOC 2 or ISO 27001 readiness and audits.Experience in fraud prevention, identity verification, or financial services.Hands-on DevSecOps experience (SAST, DAST, dependency scanning, IaC/container security).Experience facilitating threat modeling for cloud-native applications and APIs.Security certifications (CISSP, CCSP, CISM, AWS Security Specialty, or similar).Experience reviewing AI/ML or analytics pipelines from a security and privacy perspective.Why Join Us?Contribute to a national-scale initiative defining the future of digital trust in CanadaA full-time, long-term role with ownership of security and compliance at a growing, cloud-native company.Direct influence on product design, architecture, and company-wide security decisions.The opportunity to meaningfully shape EnStream’s security posture as the platform scales. #J-18808-Ljbffr