Cybersecurity Engineer

The Company

Merchant Growth is Canada's leading fintech for small business financing and one of the country's most recognized growth stories, celebrated by The Globe and Mail's Top Growing Companies and BC Finalist for Deloitte's Best Managed Companies. We're on a mission to fuel the ambitions of Canadian business owners with the most convenient, accessible, and trusted financing experience in the market. Powered by a rapidly advancing tech platform and a team that loves to build. What we're building something genuinely moves the needle for business owners across Canada.

As a Cybersecurity Engineer, you'll play a key role in shaping the products and systems that drive that impact. You'll join a high-performing, creative, and collaborative group known for scaling teams with intention, solving meaningful challenges, and creating space for talented people to do their best work. If you're energized by growth, excited by tough and rewarding challenges, and looking for a place where your contributions matter, this is the opportunity that makes careers.

The Role

We are seeking a talented Cybersecurity Engineer to strengthen our security across cloud, identity, and endpoint systems. This role will manage security tools, reduce vulnerabilities, enhance exposure management, and support SOC 2 and PIPEDA readiness. The ideal candidate is a proactive, detail-oriented professional with expertise in cloud security, identity and email protection, and compliance operations.

Main Functions

• Operate and manage vulnerability and exposure management platforms to identify, prioritize, and reduce security risks
• Consolidate vulnerabilities from scanners, pentests, and AppSec tools into a unified remediation workflow
• Validate remediation activities performed by Infrastructure through configuration reviews and rescans
• Configure and tune email and identity security controls (MFA, Conditional Access, anti-phishing, authentication rules)
• Implement and maintain security baselines across Azure, GCP, identity systems, and SaaS applications
• Configure and administer security settings within SASE, cloud, identity, and email security platforms
• Ensure endpoints, cloud workloads, identity systems, and SaaS platforms remain correctly logged and monitored
• Support incident response by coordinating with MDR/SOC providers and internal teams
• Maintain SOC 2 / PIPEDA evidence, perform access reviews, validate configuration compliance, and support audits
• Maintain the security risk register, track remediation plans, and document risk acceptance decisions
• Conduct security posture assessments and provide actionable recommendations
• Develop and update security procedures and contribute to organizational policies

Required Experience, Knowledge, and Skills

• 3+ years of hands-on cybersecurity engineering experience
• Strong understanding of cloud security (Azure and/or GCP)
• Experience with vulnerability or attack surface management tools
• Hands-on experience with identity security (MFA, Conditional Access, privileged access governance)
• Understanding of email security protections and phishing defense
• Experience analyzing alerts from MDR/SIEM/EDR platforms
• Ability to translate security findings into remediation plans
• Strong documentation and audit evidence preparation skills
• Excellent communication skills to collaborate with IT, Engineering, and leadership

Other Assets

• Familiarity with Zscaler SASE solutions
• Experience with Google Workspace
• Familiarity with Semgrep, Snyk, or other AppSec tools
• Exposure to SOC 2, ISO 27001, or NIST CSF
• Scripting ability (PowerShell, Python)
• Experience in fintech or regulated environments

Success Factors

•  Reduced vulnerabilities and exposure across cloud, identity, endpoint, and SaaS environments
•  Strong email and identity security posture
•  Reliable logging and monitoring coverage for MDR
•  Clean and complete SOC 2 / PIPEDA evidence repository
•  Effective collaboration with Infrastructure and Engineering
•  Timely and accurate responses to MDR escalations
•  No recurring high-risk misconfigurations

What We Offer

• Hybrid work (primarily remote with some in-office requirements)
• An exciting position with a leading Canadian fintech company
• A remote workplace with an option to work in office (we are in Gastown)
• Competitive salary
• Comprehensive group health benefits (Life, AD&D, Extended Health & Dental and Travel Insurance)
• Company-wide monthly Lunch and Learns and team events
• A collaborative team environment
• Education and learning benefits

We thank all applicants for their interest; however, only selected candidates for further consideration will be contacted.