Security & Compliance Engineer
TELUS Digital AI Data Solutions
Job Description
Role Summary We are looking for a proactive Security & Compliance Governance Engineer to drive audit readiness, cloud security governance, vulnerability management, and access lifecycle automation across the organisation. Key Responsibilities Cloud Security Governance Establish and enforce security baselines across AWS, GCP, and/or Azure Implement and manage Cloud Security Posture Management (CSPM) Enforce IAM, encryption, logging, and least-privilege access Conduct cloud audits and compliance assessments (SOC 2 / ISO 27001 aligned) Integrate IaC security scanning into CI/CD pipelines Application Security Conduct threat modelling and secure architecture reviews Perform code reviews and manage SAST/DAST/dependency scanning Drive vulnerability remediation with defined SLAs Secure APIs, containers, and Kubernetes environments Manage secrets and prevent credential exposure DevSecOps & Automation Integrate security controls into CI/CD pipelines Automate compliance checks and security gates Implement secret scanning and branch protection Build dashboards and reporting for security metrics Audit & Compliance Lead SOC 2, ISO 27001, AI Risk Assessments, GDPR, TISAX audits end-to-end. Act as the SPOC for auditors , managing documentation, evidence, and control mapping.
Conduct internal gap assessments and drive remediation initiatives. Design scalable compliance processes with minimal engineering overhead. Preferred Certifications (Optional) CISA, CISM, CISSP, ISO 27001 Lead Auditor/Implementer, AWS Security Specialty.
Required Qualifications 4-7 years in Cloud Security and/or Application Security Hands-on experience with AWS, GCP, or Azure security Experience integrating security into CI/CD pipelines Strong knowledge of OWASP Top 10 and cloud security best practices Proficiency in at least one scripting language (Python/Bash preferred) What We’re Looking For Strong ownership mindset Process-driven and automation-focused Excellent communication skills Ability to balance security enforcement with business agility