Senior Security Engineer
Hybrid · Toronto, Ontario, Canada
Job Summary
This Senior Security Engineer role focuses on offensive security within PheedLoop. Responsibilities include planning and executing end-to-end red-team engagements, conducting realistic attack simulations (reconnaissance to post-exploitation), hardening the software supply chain, securing developer workstations, leading incident response, and conducting threat hunts. You’ll document findings and turn them into actionable fixes, partner with Engineering, SRE, and leadership to translate findings into roadmaps, and cultivate a strong security culture through phishing simulations and secure-default practices. Required skills include deep web app/API security knowledge (OWASP Top 10), understanding of modern stacks (Python/Django, React, AWS), scripting (Python, Bash), familiarity with offensive tooling, and the ability to communicate complex attacker chains to both engineers and leadership. Certifications (OSCP/CRTO/GPEN) are nice-to-have but not required; demonstrated experience and portfolio matter more.
Required Qualifications
- 3+ years in offensive security, red teaming, penetration testing, or a closely adjacent role
- Strong fundamentals across web app and API security (OWASP Top 10 inside and out)
- Working knowledge of supply chain attack patterns — package compromise, dependency confusion, typosquatting, malicious IDE extensions
- Comfort in modern stacks like Python / Django, React, and AWS
- Solid scripting skills in Python, Bash, or similar
- Hands-on experience with common offensive tooling
- Ownership mindset
- Sharp written communication
- Calm, ethical, and discreet
- Certifications like OSCP, CRTO, GPEN, or similar are nice to have