Security Engineer

Overview of the role

Join us at PolicyMe! We’re modernizing insurance and we’d like your help. The Canadian insurance landscape has remained largely unchanged for decades, and we are in the process of changing that. We’re a remote-first, Toronto-based startup with big ambitions.
About the roleAs a dedicated Security Engineer, you’ll play a mission-critical role in defining and implementing the practices, tools, and architecture that will safeguard our infrastructure, data, and applications. This is a high-impact, high-autonomy opportunity to build a security foundation from the ground up while directly influencing how we scale safely and intelligently.
You’ll work cross-functionally with all teams to reduce risk, operationalize security, and ensure we can meet the needs of a growing fintech platform with best-in-class standards.
Our tech stack: React, Redux, Python, Webpack, Gatsby, Node.js, PostgreSQL, AWS

What you’ll be doing:

• Design and implement security architecture across cloud, infrastructure, endpoints, and applications using tools like AWS Security Hub, IAM, GuardDuty, CloudTrail, Inspector, etc.
• Integrate static and dynamic security testing into CI/CD pipelines (e.g. SonarQube, GitHub Actions).
• Manage tools such as SIEM, firewalls, MDM, VPN, and EDR. Automate alerting, patching, and rulesets wherever possible.
• Lead security reviews, threat modeling, and secure coding practices in collaboration with engineering.
• Drive incident response processes, from detection and triage to resolution and post-mortem.
• Support SOC2 compliance efforts including evidence gathering, access reviews, and internal audits.
• Define and operationalize vulnerability management workflows, asset monitoring, and risk mitigation.
• Educate teams on secure development, OWASP standards, and emerging threats. Promote a security-first mindset across the org.
• Collaborate with leadership to evolve PolicyMe’s security roadmap and tooling strategy.

What we are looking for:

• 5+ years of experience in infrastructure and/or application security, ideally in startup or scale-up environments.
• Strong grasp of AWS cloud security fundamentals and tooling (IAM, VPC, KMS, S3, Security Hub, etc).
• Experience with integrating security controls into CI/CD pipelines and engineering workflows.
• Hands-on scripting ability (e.g. Python, Bash) to automate processes and handle operational tasks.
• Excellent communicator with the ability to articulate risks and solutions to both technical and non-technical stakeholders.
• A proactive problem-solver who thrives in autonomous roles and can define and drive strategy with limited oversight.
• Comfortable managing a broad security surface area: from endpoint security to cloud misconfigurations to compliance support.

Reports To: DevOpsSec Manager

Why join us:

• Generous PTO – 20 vacation days
• Access to stock options and a comprehensive benefits plan
• A remote-first team with company paid, in-person socials and the option to work from our Toronto-based office
• Resources to help your professional development, including an L&D budget, performance reviews twice a year and ongoing feedback to ensure you reach your highest potential
• Work with an empathetic, high-performing team in a flexible, results-oriented environment

About PolicyMe:

At PolicyMe, we are Canada’s leading digital insurance solution, offering straightforward and affordable financial protection for families from coast to coast. Our product suite includes Life Insurance, Critical Illness Insurance, and Health & Dental Insurance, all tailored to Canadians’ evolving needs. We also offer B2B2C solutions, partnering with organizations to provide seamless digital insurance options. Founded by a team of insurance experts and technology entrepreneurs, PolicyMe is committed to making insurance simpler and more accessible. Since our launch in 2018, we have grown exponentially, selling over $10 billion in insurance coverage to Canadians.
We are proud of the team we’ve built and are excited for those that are yet to join us. We operate with a remote-first culture, attracting top talent from across Canada. If you’re looking for a fast-paced, collaborative environment, working alongside incredibly ambitious yet humble humans, we may be the right place for you! To learn more, visit www.policyme.com.
Commitment to Equal Opportunity:PolicyMe is proud to be an equal opportunity employer. All applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, or disability status. We thank all applicants for their interest, however, only those selected for an interview will be contacted.
Accessibility Statement:PolicyMe is dedicated to ensuring an accessible experience for all candidates. If you require accommodations during the application process, please let us know in the “Additional Information” section of the job application. We are committed to working with you to provide support and make reasonable adjustments throughout the process.