Position Description

This role is hybrid and requires you to be at our downtown Toronto and/or Client office at a minimum 1 day per week - subject to change at any time.

Your future duties and responsibilities

We are seeking a Hybrid Cloud Security Engineer to secure our multi-tenant SaaS platform by overseeing both modern cloud environments and mission-critical on-premises infrastructure. This role is essential in ensuring our security posture spans internal data centers, legacy systems, and cloud-native services.

As a key member of the security engineering team, you’ll architect, implement, and continuously improve scalable, secure, and compliant systems that support our product delivery across both platforms.

________________________________________

Key Responsibilities

🔐 Security Architecture & Engineering (Hybrid)

• Design secure infrastructure blueprints for our GCP Cloud environments and internal data centers.
• Define controls for secure connectivity, such as VPNs, site-to-site tunnels and interconnect.
• Develop and maintain security baselines for compute, storage, and networking across platforms, including cloud managed services.
• Define and implement (using Terraform) cloud networks required to support products deployments on cloud (GCP)

🧱 On-Premises Infrastructure Security

• Perform regular reviews of the firewall rules implemented in our on premise environments.
• Provide security SME expertise to our product development teams.

🔒 Cloud Security & SaaS Platform Protection

• Partner with SRE and DevOps to secure CI/CD pipelines, container registries, and IaC workflows.
• Apply Zero Trust principles and secure multi-tenant boundaries in the SaaS environment.

🔍 Threat Detection, Monitoring & Response

• Integrate cloud and on-prem telemetry into centralized SIEM systems (e.g., Splunk, Sentinel).
• Conduct incident investigations across hybrid environments and coordinate remediation efforts.
• Develop automated alerting and response playbooks.

🧩 Governance, Risk & Compliance (GRC)

• Ensure the cloud engineering and product teams Implement controls and monitoring required for SOC 2, ISO 27001, HIPAA, or industry-specific frameworks.
• Automate evidence collection and reporting using security tooling and configuration management.

🧰 Security Automation & Tooling

• Use Terraform, Ansible, and other IaC tools to standardize secure configurations.
• Work with Corporate teams that operate and manage tooling like CSPM, DLP, WAFs, vulnerability scanners, and endpoint agents.
• Extend security practices to legacy applications that cannot be cloud-migrated.

Required Qualifications Required qualifications to be successful in this role

• Bachelor's degree in Computer Science, Cybersecurity, or related discipline—or equivalent experience.
• 8+ years in security engineering roles, including 2+ years working in hybrid (cloud + on-prem) environments.
• Expertise with:
• AWS, Azure, or GCP security services.
• Virtualization (e.g., VMware ESXi), endpoint protection, and firewall configuration.
• Identity management (AD, Azure AD, Okta), IAM/RBAC, and secrets management.
• Network security, VPNs, and perimeter defense.
• Understanding of Firewall rules, both on prem and in cloud environments

________________________________________

Preferred Experience

• Security certifications: CISSP, CISM, GIAC, CCSP.
• Familiarity with Zero Trust Architecture and secure SaaS multi-tenancy models.
• Experience with infrastructure security automation and CI/CD pipeline hardening.
• Tools: Terraform, Cisco Network Firewalls, GCP Firewalls.

________________________________________

Soft Skills

• Excellent communication and collaboration skills across engineering, DevOps, and compliance.
• Ability to manage competing priorities in a fast-paced SaaS organization.
• Strong analytical mindset, attention to detail, and a continuous improvement attitude.

________________________________________

Why Join Us?

• Influence the security architecture of a global SaaS platform undergoing cloud transformation.
• Work with cutting-edge technologies while solving real-world infrastructure challenges.
• Join a security-forward team embedded in the product lifecycle.
• Competitive compensation, career development, and flexible working options.

Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…

You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.

Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.

You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

At CGI, we recognize the richness that diversity brings. We strive to create a work culture where all belong and collaborate with clients in building more inclusive communities. As an equal-opportunity employer, we want to empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.

Come join our team—one of the largest IT and business consulting services firms in the world.