Security Engineer

PolicyMe

📍 Remote - Canada

Summary

Join PolicyMe, a modernizing insurance company, as a Security Engineer to play a foundational role in protecting our platform, data, and customers. You will work across the stack, from application security to infrastructure hardening and incident response. This high-impact, high-autonomy role offers the opportunity to build smart systems and strong foundations. You will design and implement security architecture, own threat modeling and vulnerability management, deploy and manage security tools, establish security policies, lead incident response, conduct audits, and train teams on best practices. The role requires 5+ years of hands-on experience in infrastructure and/or application security. PolicyMe offers generous PTO, stock options, a comprehensive benefits plan, remote work options, professional development resources, and a flexible work environment.

Requirements

  • Experienced in security engineering. 5+ years of hands-on experience with infrastructure and/or application security in production environments
  • Builder and breaker mindset. Ability to think like an attacker while building systems that are resilient, secure, and scalable
  • Excellent communicator. You collaborate well across teams and can explain security risks without creating fear or friction
  • Startup-ready. Comfortable working in a fast-paced, high-ownership environment where you’ll wear multiple hats

Responsibilities

  • Design & implement foundational security architecture across infrastructure, cloud, endpoints, and applications. Familiarity with the AWS suite of services, including Security Hub, Inspector, Systems Manager, GuardDuty, CloudTrail, etc.
  • Own threat modeling, vulnerability management, and secure coding practices in partnership with engineering teams
  • Deploy and manage security tools such as SIEM, EDR, and IAM solutions. Set up proper monitoring and alerting mechanisms
  • Establish and enforce security policies & controls across systems and workflows. Incorporate OWASP Top Ten and OWASP API Top Ten countermeasures
  • Lead incident response efforts, including detection, triage, resolution, and post-mortems
  • Conduct internal audits & prepare for external audits (SOC 2, etc.)
  • Train and evangelize security best practices across technical and non-technical teams
  • Help define and grow the security roadmap in line with business and regulatory priorities

Benefits

  • Generous PTO - 20 vacation days
  • Access to stock options and a comprehensive benefits plan
  • A remote-first team with company-paid, in-person socials and the option to work from our Toronto-based office
  • Resources to help your professional development, including an L&D budget, performance reviews twice a year and ongoing feedback to ensure you reach your highest potential
  • Work with an empathetic, high-performing team in a flexible, results-oriented environment
