Senior Cloud Security Operations Engineer

Thales people architect identity management and data protection solutions at the heart of digital security. Business and governments rely on us to bring trust to the billons of digital interactions they have with people. Our technologies and services help banks exchange funds, people cross borders, energy become smarter and much more. More than 30,000 organizations already rely on us to verify the identities of people and things, grant access to digital services, analyze vast quantities of information and encrypt data to make the connected world more secure.

This position is hybrid out of Ottawa, ON

Position Summary:

Thales Cyber Security Products (CSP) is a worldwide leader in data protection, providing everything an organization needs to protect and manage its data, identities and intellectual property – through encryption, advanced key management, tokenization, and authentication and access management. We are looking for talented Security professionals who can help us secure our next generation of security products.

We are seeking a Senior Cloud Security Operations Engineer to join our growing Cloud Security team. In this role, you will lead efforts to secure our multi-cloud environment, monitor for threats, respond to incidents, and ensure compliance with industry standards. You will work closely with DevOps, Service and Engineering teams to identify vulnerabilities, define security requirements, and implement best practices for protecting sensitive data and services.

This is a hands-on technical position ideal for someone with deep cloud security expertise, strong analytical skills, and a passion for safeguarding enterprise environments.

Essential Functions:

Cloud Security Operations

• Manage, monitor, and enhance the security posture of cloud environments (AWS, GCP, Azure etc.).
• Oversee the implementation and tuning of full security tooling stack including Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP) and Endpoint Detection (EDR) tools.
• Develop and maintain automation for threat detection, incident response, and compliance reporting.

Supporting Dev, DevOps & Service Teams

• Act as a security partner to development and service teams, ensuring security is built into applications and infrastructure from the start.
• Build relationships with DevOps and engineering teams to foster a security-first culture.
• Provide guidance on secure architecture, cloud configuration, IAM, and data protection strategies.
• Review Infrastructure-as-Code (Terraform, CloudFormation, etc.) for security compliance and vulnerabilities.

Threat Detection & Incident Response

• Lead investigations into security alerts, potential breaches, and suspicious activity.
• Participate in an on-call rotation to respond to issues or problems arising during non-business hours and provide support and response.
• Perform forensic analysis and root cause investigations in cloud environments.
• Coordinate with cross-functional teams to contain and remediate incidents.

Risk & Compliance

• Ensure compliance with frameworks such as SOC 2, ISO 27001, PCI-DSS and cloud security benchmarks like CIS.
• Conduct regular security assessments, including vulnerability scans and configuration audits.
• Partner with internal teams to ensure security-by-design in new deployments.

Collaboration & Leadership

• Act as a subject matter expert (SME) for cloud security controls, operations and tooling.
• Provide clear reporting and risk insights to leadership and stakeholders.

Minimum Requirements:

• 7+ years of technical experience or a Bachelor’s degree in Computer Science, Electrical Engineering, or Engineering with an additional 5 or more years InfoSec/IT Security Experience.
• 7+ years of experience in Information Security, with at least 5 years hands-on work securing cloud environments.
• Strong understanding of Cloud Security/Cyber Security concepts, practices and procedures.
• A strong understanding of IAM, role based access controls, network security, and cloud infrastructure security.
• Proven track record of researching, implementing and tuning all security controls for cloud environments such as AWS, GCP and/or Azure.
• Proficiency with modern security tools including SIEMs (e.g., Splunk, XSIAM), SOAR platforms, CSPM/CWPP, scanning and endpoint detection tools.
• Strong understanding of encryption, security and authentication protocols including TLS, SSH, OAuth, SAML, and Kerberos.
• Experience with Infrastructure as Code technologies (e.g. Terraform, CloudFormation) and GitOps. Capable of configuring IAM permissions, authentication, and automation through Policy as Code.
• Familiarity with various network controls including proxies and reverse proxies, network and application load balancers, stateful and deep packet inspection.
• Knowledge of Linux and Windows administration and OS hardening.

Preferred Qualifications:

• Demonstrable experience in solving challenging security problems using knowledge and/or skills.
• One or more of the following certifications (or similar): CISSP, or cloud security certifications such as AWS Certified Security – Specialty, Azure Security Engineer, or GCP Security Engineer.
• Experience on a Computer Incident Response Team (CIRT) or Security Operations Center (SOC) team.
• Familiarity with container orchestration (Kubernetes, ECS, EKS, AKS) and securing serverless workloads.
• Experience performing vulnerability assessments and threat modeling.
• Demonstrable Experience with DevSecOps practices and CI/CD security integration. Scripting/automation skills example Python, Bash, PowerShell.

Total Target Cash (TTC): 89,968.16 - 120,516.05 - 182,564.53 CAD Annual

Thales provides an extensive benefits program for all full-time employees working 24 or more hours per week and their eligible dependents, including the following:

• Company paid Extended Health, Dental, HSA, Life, AD&D, Short-term Disability, Cancer Care Program, travel insurance, Employee Assistance Plan and Well-Being program.
• Retirement Savings Plans (RRSP, DCPP, TFSA) with a company contribution and a match to a DCPP, with no vesting period.
• Company paid holidays, vacation days, and paid sick leave.
• Voluntary Life, AD&D, Critical Illness, Long-Term Disability.
• Employee Discounts on home, auto, and gym membership.

Thales is an equal opportunity employer which values diversity and inclusivity in the workplace. Thales is committed to providing accommodations in all parts of the interview process. Applicants selected for an interview who require accommodation are asked to advise accordingly upon the invitation for an interview. We will work with you to meet your needs. All accommodation information provided will be treated as confidential and used only for the purpose of providing an accessible candidate experience.