Cloud Security Engineer

This range is provided by Insight Global. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more. Base pay range CA$130,000.00/yr - CA$135,000.00/yr JOB DESCRIPTION Insight Global is looking for a Cloud Security Engineer for one of the leading banks in Toronto. We are looking for a detailed‑oriented Cloud Security Engineer to join our team. This individual will focus on automating and validating compliance as code (CaC) policies across multi‑cloud environments including GCP, Azure and AWS. This role involves creating and implementing automated test cases to ensure these policies function as intended. The engineer will integrate these tests into GitHub‑based CI/CD pipelines using GitHub workflows and GitHub actions and leverage Terraform, Python, PowerShell. Mainly responsibilities include the below: Design, develop, implement and maintain automated test frameworks for the behavior of existing compliance as a code policy across cloud environments (GCP/AWS/Azure) in alignment with banking regulations. Develop comprehensive positive, negative and edge exception test cases to validate policy enforcement logic. Build automated test pipelines integrated with CI CD workflows to ensure continuous validation of CAC changes. Collaborate with CaC policy developers, security architects and Cloud Service Owners to understand intended behavior and failure conditions. Implement mock cloud environments/services/IAM to simulate realistic scenarios for policy testing and maintain a test suite library, ensuring traceability between compliance requirements, validation cases and artifacts. Continuous testing & CI/CD integration. Integrate compliance validation tests into CI CD pipelines—GitHub actions, GitHub workflows and Terraform—to enforce continuous compliance checks before deployment. Automate security scanning and validation of Terraform deployments with PowerShell and Python. Validate the enforcement of banking cloud security policies by embedding automated compliance checks into DevSecOps workflows and actions. Cloud Security and Regulatory Compliance enforcement. Work closely with Banking security, DevSecOps teams, and Cloud Compliance governance teams to define and enforce cloud security controls in accordance with regulatory mandates. Validate cloud resource configurations against financial industry standards (NIST, ISO 27001, SOC 2) for Reporting & Audit Readiness. Implement/test logging and monitoring solutions to detect compliance violations in real time. Automate/validate the generation of compliance reports and dashboards using tools like SonarQube, Wiz.IO, Splunk. Ensure that all Standards & STIG requirements for IAAS, PaaS, SaaS CaC development and testing activities are traceable and auditable for internal risk assessments and external regulatory audits. REQUIRED SKILLS AND EXPERIENCE Strong knowledge of GCP, Azure, AWS. 4+ years in Cloud Security, DevSecOps, or Cloud Engineering roles. Cloud infrastructure as a code—experience with Terraform, Helm, ARM, JSON, YAML. Compliance as Code (CaC)—hands‑on experience with HashiCorp Sentinel, Azure policy, Wiz policy, GCP Org policy and Open Policy Agent, Kubernetes. CI/CD Pipelines—experience with GitHub actions, Jenkins. Scripting and Automation—proficiency in Python, Bash, Go, PowerShell, Terraform and automated testing framework. Cloud Security & Compliance—understanding of CIS benchmarks, NIST standards and security frameworks. NICE TO HAVE SKILLS AND EXPERIENCE Azure fundamentals certification, Azure security engineer associate, GCP fundamentals certification. Experience with multi‑cloud security testing (GCP, Azure and AWS). Experience with container security and Kubernetes policy enforcement. Seniority level Not Applicable Employment type Full-time Job function Engineering, Design, and Information Technology Industries Banking and IT Services and IT Consulting #J-18808-Ljbffr