Senior Security Engineer

Who We Are; What We Do; Where We’re Going

Magnet Forensics is a global leader in the development of digital investigative software that acquires, analyzes and shares evidence from computers, smartphones, tablets and other IoT related devices. We are continually innovating so that our customers can deploy advanced and effective tools to protect their companies, communities and countries. 

Earlier this year, we shared the exciting news that Grayshift and Magnet Forensics have come together as one organization to accelerate innovation and transform digital investigations for our customers. We’re pleased to share that the combined organization is operating as Magnet Forensics!

The combination of mobile, cloud, and computer forensics expertise under the Magnet Forensics name underscores our dedication to providing comprehensive, end-to-end DIFR solutions. This includes our commitment to helping with access to modern digital devices lawfully with our renowned product suite. And, our focus on innovating for the DFIR community, along with our shared mission, continues to be the top priority!

Magnet is continuing to expand and grow.  Where we are today, is not where we will be tomorrow.

Role Summary

We are seeking a highly skilled and motivated Security Engineer to join our dynamic team and play a key role in ensuring the security and integrity of our organization's products and customers’ data. The Security Engineer will be part of the engineering organization and responsible for implementing, managing, and enhancing security measures across our applications, products, and services to protect against potential cyber threats and attacks. This role requires a strong technical background, a deep understanding of security best practices, and the ability to collaborate with developers and engineering teams to identify and mitigate security risks effectively. You’ll be a part of a talented team responsible for a wide range of product and engineering security programs.

• Application Security: Design, implement, and maintain application security processes and tooling such as SAST, SCA, containers, etc.
• Security Architecture/Code Review: Collaborate with software developers and system administrators to review and improve the security architecture of new and existing applications, systems, and code. Familiarity with threat modelling, design reviews are helpful.
• Product Vulnerability Management: Conduct regular security assessments, vulnerability scans, and web application scanning. Work with engineering teams on notification, remediation, and patching strategies.
• Security Monitoring and Analytics: Monitor security events, analyze logs, and generate reports to identify suspicious activities, potential threats, and security breaches.
• Compliance: Establish and enforce security policies, standards, and guidelines in alignment with industry best practices, legal requirements, and internal security policies.
• Cloud Security: Familiar with security features and services for major cloud providers such as AWS and Azure. Design, implement, and maintain security infrastructure components such as Security Hub, Inspector, Config, Defender for Cloud
• Incident Response: Investigate security incidents and breaches to determine the root cause and implement necessary corrective actions to prevent future occurrences.

• Degree or diploma in relevant field or equivalent work experience. Relevant certifications (e.g., CISSP, CISM, CompTIA Security+) are a plus.
• Proven experience as a Security Engineer or in a similar role, demonstrating hands-on experience in security implementation and management.
• Strong knowledge of security protocols, cryptography, and common security technologies.
• Ability to automate security tasks and integrate with various CI/CD tooling and processes.
• Comfortable with one or more scripting languages and reading basic scripts (python, C#, powershell, bash, etc…)
• Comfortable with writing pipelines for automation tasks (Jenkins, AzDO, GitLab, Github)
• Comfortable writing IaC (CDK, CloudFormation, Terraform)
• Familiarity with industry regulations and frameworks such as ISO 27001, SOC2, NIST 800-53, etc…
• Excellent problem-solving and analytical skills to identify and address security vulnerabilities effectively.
• Strong communication and interpersonal skills to collaborate with cross-functional teams and articulate complex security concepts to non-technical stakeholders.

• We’re looking for candidates that can provide examples of how they demonstrated Magnet CODE in their previous experiences.

• CARE  -We care about each other and our mission to make a difference in the world.
• OWN  -We are accountable for or results – while never forgetting to act with integrity, empathy, and respect.
• DEDICATE  -We put our heart and soul into meeting the needs of our customers and helping them serve the people they protect.
• EVOLVE  -We are constantly innovating and exploring new ways to work together to make an impact with our work.

We’re committed to continuous learning and are focused on building a diverse and inclusive workforce. This commitment will be reflected in our hiring processes and embedded in our values and how we treat one another. If you’re interested in this role, but do not meet all of the qualifications listed above, we encourage you to apply anyways.

Magnet Forensics is an Equal Opportunity Employer and considers applicants for employment without regard to race, colour, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, provincial, or local law.

We are committed to providing an inclusive, accessible recruitment process and work environment. Accommodation is available to all applicants upon request throughout the hiring process. If you require accommodation, please let our talent team know, or you can email aoda@magnetforensics.com.