Senior Security Architect

KUBRA is seeking a highly skilled Senior Security Architect to design, implement, and oversee enterprise-grade security solutions across our cloud and hybrid environments. The ideal candidate will have deep expertise in cloud security, IAM, threat modeling, network security, and containerized architectures. You will be a trusted advisor to engineering and leadership teams, ensuring our systems and applications are secure by design and resilient against evolving threats.

This is a hybrid opportunity in Mississauga, ON.

• Perform security architecture design reviews and provide recommendations to improve the security posture of KUBRA's application, database, and cloud platforms.
• Perform periodic testing, code analysis, and security assessments of KUBRA owned applications.
• Govern Watch over cloud security systems for change and configuration control thereby suggesting changes to further improve the overall security posture.
• Partner with DevSecOps, Application and Infrastructure teams to ensure any vulnerabilities or issues are resolved per security guidelines.
• Stay up to date with current cyber security risk and analyze trends to proactively prevent problems.
• Assist in developing an overall organizational data strategy that is in line with business processes and contractual requirements.
• Identify and provide guidance on appropriate controls based on industry standards to drive cloud and customer security solutions framework based on business risk and cloud native threats.
• Develop and implement cloud security architectures focused on AWS.
• Assist in developing an overall organizational data strategy that is in line with business processes and contractual requirements.
• Establish and enforce secure application development practices, including secure coding, threat modeling, SAST/DAST and vulnerability management.
• Conduct security assessments of cloud infrastructure, applications, and CI/CD pipelines.
• Provide security guidance and best practices to Product and Service Delivery teams.
• Define and implement security policies, standards, and procedures for cloud and application security.
• Work with engineering and operations teams to integrate security controls within cloud-native services.
• Lead security reviews, architecture assessments, and risk analysis for new and existing applications.
• Monitor security trends, vulnerabilities, and threats in cloud and application security domains.
• Collaborate with compliance teams to ensure adherence to regulations such as PCI-DSS, SOC 1/2, ISO 27001 etc.
• Respond to security incidents and provide expertise in forensic analysis and remediation.
• Design and implement network security controls, including firewall configuration and management.
• Manage firewall solutions such as Akamai and cloud-native security services to protect applications and infrastructure.
• Ensure robust network security by implementing intrusion detection/prevention systems (IDS/IPS), web application firewalls (WAFs), and DDoS mitigation strategies.
• Design and implement database security controls, including data encryption, access control, and monitoring.
• Conduct database vulnerability assessments and ensure compliance with security policies.
• Work with database administrators to apply security best practices to relational and NoSQL databases.
• Implement data masking, tokenization, and audit logging for sensitive data protection.
• Develop and implement Infrastructure as Code (IaC) security best practices to ensure secure provisioning and configuration of cloud resources.
• Ensure security is embedded in IaC templates using tools like Terraform and AWS CloudFormation.

• 7+ years of experience in cybersecurity, with a focus on Security Architecture, cloud and application security.
• Strong knowledge of cloud security frameworks (AWS Well-Architected Framework, CSA-CCM, CIS Controls).
• Experience with securing cloud-native applications, microservices, and containerized environments (Kubernetes, Docker).
• Expertise in secure software development practices, including OWASP Top 10 and SAST/DAST methodologies.
• Familiarity with DevSecOps principles and tools such as Terraform, GitHub Actions, or AWS CodePipeline.
• Hands-on experience with identity and access management (IAM), encryption, and key management.
• Proficiency in scripting and automation using Python, Bash, or PowerShell.
• Experience with firewall technologies, network security principles, and secure network architecture design.
• Experience with database security, including best practices for relational and NoSQL databases.
• Experience with Infrastructure as Code (IaC) security and automation using Terraform, AWS CloudFormation, or similar tools.

• Exceptional communication skills — able to clearly articulate complex security concepts to both technical and non-technical audiences.
• Sharp analytical mindset — skilled at cutting through noise to identify and prioritize critical security events.
• Multitasking under control — thrive in fast-paced environments, managing multiple projects without losing focus or quality.
• Strategic project leadership — proven ability to plan, drive, and deliver complex security initiatives on time.
• Strong organizational discipline — adept at balancing priorities with excellent time management and problem-solving abilities.
• Calm under pressure — remain composed, decisive, and effective even in high-stakes security situations, working independently when needed.

• Thrive in an award-winning culture that champions growth, embraces diversity, and fosters inclusion for all. See our awards →
• Earn annual performance-based bonuses recognizing your contributions
• Enjoy generous benefit coverage with low premiums , plus a Healthcare Spending Account and Wellness Spending Account
• Invest in your future with RRSP matching Take time to recharge with paid vacation and sick days , and enjoy a paid day off for your birthday
• Make a difference with two paid volunteer days to support causes you care about
• Keep learning with free access to LinkedIn Learning and our education reimbursement program for continued development
• Feel appreciated through our employee recognition programs
• Support your mental health with a free premium Headspace membership
• Stay refreshed with unlimited access to fully stocked beverage stations
• Save more with exclusive Perkopolis retail discounts

KUBRA is an equal opportunity employer dedicated to building an inclusive and diverse workforce. We will provide accommodations during the recruitment process upon request by emailing recruitment- Information received relating to accommodation will be addressed confidentially. We thank all applicants for their interest; however, only candidates under consideration will be contacted.

#GTA2025

#LI-AA1

While we value the skills and experiences listed in our job requirements, we also recognize that talent comes in many forms, and welcome applications from candidates who meet most but not all specified requirements. If you possess a strong desire to learn and grow in a dynamic work environment, apply now

KUBRA is a fast-growing company that delivers customer communications solutions to some of the largest utility, insurance, and government entities across North America. KUBRA offers billing and payments, mapping, mobile apps, proactive communications, and artificial intelligence solutions for customers. With more than 1.5 billion customer interactions annually, KUBRA services reach over 40% of households in the U.S. and Canada. KUBRA is an operating subsidiary of Hearst.

Our office is small enough to allow creative individuals to flourish, yet large enough to provide long-term stability. We place a tremendous amount of responsibility on our team members to be productive, focused and self-motivated. We offer a casual work environment, competitive compensation and a stellar benefits program. 

KUBRA does not typically provide immigration-related assistance, including employment-based work visa (e.g. H-1B) sponsorship, work permit applications and extensions, permanent residence (green card) sponsorship, LMIA applications or permanent residency nominations. Candidates must ensure they have legal authorization to work in the U.S/ Canada. All sponsorship determinations are case by case based on business need.