Cyber Security Engineer
Location: Toronto-661 University
Department: Digital and Cyber Security Engineering and Applications
This posting is to fill a current vacancy.
The Cyber Security Engineer is responsible for leading the security architecture and engineering practices at Public Health Ontario (PHO). This includes the design of cyber security controls and supporting the implementation, operation, and continuous improvement of the cyber security and cloud security systems that protect PHO's digital systems, data assets, and enterprise risk posture. The role functions as a senior hands-on technical specialist and subject matter expert across on-premises and cloud environments, supporting security operations, incident response, secure design, risk mitigation, operational execution, and advisory activities.
Key Responsibilities-
Cyber Security Operations & Incident Response
- Working with the Cyber Security operations team, develop processes and implement technology to monitor, investigate, analyze, and respond to security alerts, events, and incidents using modern detection and response technologies.
- Provide expertise and support cyber security incident response activities, including threat analysis, containment, eradication, recovery, and post‑incident review.
- Lead investigations of cyber security incidents that require deep expertise involving both external threats and internal users, including employees, contractors, and privileged accounts.
- Work with cyber security partners to conduct proactive threat hunting and analysis of suspicious activity to identify advanced or persistent threats.
- Escalate and communicate security risks, incidents, and investigative findings to appropriate Manager and/or stakeholders with clear technical and risk‑based context.
- Participate in on‑call and after‑hours response activities as required to address time‑critical security incidents.
Cyber Security Investigations & Confidential Advisory Functions
- Act as a trusted technical advisor to management during employee‑related cyber incidents as the Lead and conduct cyber security investigations involving internal employees, including potential insider threats, policy violations, misuse of PHO systems, or inappropriate access to sensitive information.
- Produce confidential investigative reports, technical assessments, and expert findings for use by Human Resources, Legal Services, and executive leadership in disciplinary, corrective, or labour‑relations processes.
- Handle highly sensitive employee‑specific and labour‑relations‑related information in a strictly confidential capacity, exercising professional discretion, judgment, and independence.
- Independently determine investigative scope, methods, and response actions for complex, sensitive, or high‑risk cyber security incidents.
- Collect, preserve, analyze, and document digital and forensic evidence, including logs, access records, system activity, and security telemetry, in accordance with evidentiary, legal, and chain‑of‑custody requirements.
Security Engineering & Tooling
- Lead the design, implementation, configuration, operation, and optimization of security controls across enterprise environments, including:
  - Endpoint, network, and cloud detection and response (EDR/XDR/NDR).
  - Security Information and Event Management (SIEM) and security automation/orchestration (SOAR).
  - Vulnerability management and continuous vulnerability assessment.
  - Email security and anti-phishing platforms.
  - Network, firewall, container, and application security controls.
- Implement and maintain security controls in cloud environments (e.g., Azure, AWS, GCP), ensuring secure configurations and monitoring.
- Support the secure deployment and operation of SaaS platforms (including M365) by integrating and validating security features and controls.
- Implement security automation, scripting, and process improvements to enhance detection, response, and operational efficiency.
Risk, Architecture & Secure Design
- Translate business and operational requirements into technical security requirements and solutions.
- Analyze solution architectures, system designs, and technology changes to identify security risks, threats, and vulnerabilities.
- Recommend technical security controls and design improvements to reduce risk and improve resilience.
- Support security testing, assessments, and remediation activities (e.g., red/purple team exercises, penetration tests, vulnerability assessments).
Vulnerability & Threat Management
- Perform vulnerability scanning, assessment, prioritization, and remediation tracking across infrastructure, applications, and cloud services.
- Apply threat intelligence, attacker techniques, and security frameworks to improve preventive and detective controls.
- Continuously evaluate emerging threats, vulnerabilities, and attack trends to proactively strengthen security controls.
Policies, Standards & Documentation
- Develop, maintain, and enhance security procedures, standards, technical documentation, and operational runbooks.
- Contribute to the implementation and alignment of security frameworks, standards, and best practices.
- Support audits, compliance activities, and security reviews by providing technical evidence and expertise.
Collaboration & Advisory Support
- Work closely with PHO’s IT, cloud, application, privacy, legal, and business teams to embed security into day‑to‑day operations and projects.
- Collaborate with external partners, vendors, and sector peers on cyber security matters and shared threat intelligence.
- Act as a trusted technical advisor on cyber security technologies, risks, and best practices.
Knowledge and Skills-
- Strong understanding of cyber security frameworks and standards (e.g., NIST, CIS, ISO 27001).
- Strong knowledge of attack techniques and defensive methodologies (e.g., MITRE ATT&CK, Cyber Kill Chain).
- Advanced hands‑on experience with security technologies, including SIEM, SOAR, EDR/XDR, firewalls, email security, cloud security tooling, and vulnerability management platforms.
- Experience working with MDR platforms such as Arctic Wolf or Microsoft Defender for Experts is preferred.
- Strong understanding of security architecture, network communications, operating systems, and cloud infrastructure.
- Ability to collect, analyze, and interpret security telemetry, logs, and threat intelligence.
- Strong analytical and problem‑solving skills with the ability to operate effectively during high‑pressure security incidents.
- Detail‑oriented, highly organized, and capable of managing multiple concurrent priorities.
- Strong written and verbal communication skills, with the ability to explain technical security concepts to non‑technical audiences.
- Ability to work independently as well as collaboratively within cross‑functional teams.
- Continuous learner with a strong interest in emerging technologies, threats, and security practices.
Education and Experience-
- Degree or diploma in Information Security, Computer Science, Information Systems, Engineering, or a related field, or equivalent practical experience.
- Cybersecurity certifications with a focus on Microsoft Azure and Microsoft 365 security are preferred.
- Minimum 10 years' experience in progressive technology roles.
- Minimum 5 years' experience in roles with Cyber Security and Information Security job responsibilities (e.g., architecture, incident response, vulnerability management, etc.).
- Minimum of 5 years of cloud infrastructure experience, preferably Azure and/or AWS.
- Significant experience in enterprise IT environments, including systems, networks, and cloud platforms.
- Demonstrated hands‑on experience across multiple cyber security domains such as incident response, security operations, cloud security, and vulnerability management.
- Experience in regulated environments (e.g., healthcare, public sector, government) is an asset.
Attributes and Competencies-
- Works within the broad objectives of PHO and applicable government policies, standards, and rules.
- Assesses and advises leadership on how best to manage cyber risk across business programs, measured against the established risk system/model.
- Advises on the best course of action during cyber incidents; must be able to exercise sound judgement under significant stress.
- Acts as a thought leader for cyber security across the organization to drive sound, innovative, and compliant approaches to Cyber and Information Security.
- Promotes and leads the operational implementation of cyber security strategies, directions, and practices.
- Monitors and ensures alignment of security practices, controls, patterns, and solutions across all domains to mitigate identified risks and gaps.
- Identifies issues and recommends options for risk management at appropriate levels within PHO and with external partners.
Duration: Permanent
Hours of Work: Full time, 36.25 hours per week
Compensation Group: Ontario Public Service Employees Union
Compensation Range: $54.90 - $70.06
Posting Date: 05-4-2026
Closing Date: 05-19-2026
Please note: applications will be received no later than 11:59pm on the date preceding the closing date as indicated on the Job Requisition.
Note: Internal candidates will be considered first.
While we thank all applicants for their interest, only those selected to move forward in the recruitment process will be contacted. Any information obtained during the course of recruitment will be used for employment recruitment purposes only, and not for any other purpose.
PHO is committed to ensuring equity in employment. Our goal is to create a diverse, inclusive workforce that reflects the communities we serve and to ensure our services and communications are accessible to all individuals. Any candidate who requires a job posting in an alternative format may email a request to HR_Inquiries@oahpp.ca. Once an applicant has been selected for an interview, they can inform PHO about any accommodations they may require at any stage of the interview process.