City : Toronto

Category : Full-time

Industry : Finance

Employer : Sun Life Financial

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description:

Position Summary:

The Senior Security Platform Engineer is responsible for effectively planning, designing, implementing, and monitoring security technologies and projects that support Sun Life’s security policies and procedures.  Your primary responsibilities will be Supporting in Scope Platform and Products and developing use case scenarios, enhancing the security of Sun Life’s corporate and production systems.  You will work closely with Enterprise Infrastructure, IT operations, Enterprise Architecture, and application development teams to identify risks to the business and lead security solutions to protect customer and financial information. 

The successful candidate must be able to interpret complex information, adapt as needed and have a deep understanding of security risks, data impact and controls to help mitigate the risk and provide countermeasures. 

A Senior Security Platform Engineer is a leader who is expected to participate fully in the planning of the work and to seek opportunities for process improvement. The successful candidate is strong in multiple Information Security domains and is expected to lead the efforts to solve complex security problems.

What you will do:

• Deploy, administer, and continuously enhance Mandiant Security Validation (MSV) within the Security Visibility program, including onboarding/updating adversary emulation content, scheduling and tuning validation runs, integrating results with detection/response processes, and producing actionable reporting/metrics to drive control and detection improvements.
• Analyze information systems utilizing various cybersecurity techniques and lead security initiatives and enterprise level projects implementing security solutions and performing POC/POV for new technologies.
• Able to work independently with high degree of ambiguity and deliver expected outcomes, be focused on the end deliverables, and build trust with internal clients and peers. 
• Responsible to deploy, support and maintain new and existing security technologies that are deployed within Sun Life and owned and supported by the team.
• Implement risk driven security controls and provide SME (Subject Matter Expertise) during Audit.
• Investigate and respond to security incidents, adhering to defined SLA’s..
• Identify risks to the business and recommend strategies to address those risks.
• Manage the capacity and resiliency of security systems protecting Sun Life’s internal and client data.
• Collaborate and build trust with security peers, vendors, and other Sun Life teams to enhance security posture and best practices.
• A change catalyst for Digital transformation, using JIRA, Confluence, estimating stories, setting definition of done, completing and tracking story updates and assignments.
• Smoothly transition and operationalize projects and products. This includes developing roles & responsibilities (RACI), completing product documentation and educating the teams who will be performing BAU (Business as usual) the day-to-day work.
• Document, update and maintain cyber security playbooks, policies and knowledge base articles used to support the established Incident Management and CSIRT processes.
• Continuously improve operational and security platform processes.

What you need to succeed:

• Minimum 5-7 years Information security and engineering experience with enterprise level security technologies in the one or more areas of: Perimeter, Endpoints, Crypto, Cloud, Email Security, Security Visibility, and Automation and Orchestration
• Minimum 3-year experience in successfully leading global information security projects.
• Previous security related experience in penetration testing, security investigations, or red team exercises
• Experience with security control validation (e.g., MSV), including MITRE ATT&CK mapping, translating findings into detection/control improvements, and communicating outcomes using clear reporting and metrics.
• An Information Technology University degree/college diploma in related discipline(s) or equivalent work experience
• Experience with security validation / breach-and-attack simulation platforms (e.g., Mandiant Security Validation (MSV)), including adversary emulation and using results to improve control effectiveness and detection coverage.
• Experience in managing 3rd party security service providers in delivering security services.
• Broad exposure to multiple security disciplines and in-depth exposure in Incident Response or Detection Engineering
• Knowledge of a broad range of security controls and risk management frameworks NIST & (ISO) 2700x standards
• Experience planning, researching, and developing security policies, standards, and procedures.
• Experience in a system administration role supporting multiple platforms and applications.
• Experience with Windows and Linux based operating systems.
• Experience in deploying enterprise level technology via managed projects using Scrum and Kanban methodologies.
• Knowledge of networking technologies, firewalls, web application firewalls and intrusion detection and prevention systems.
• Knowledge of AWS cloud technologies.
• Knowledge of disaster recovery, technologies, and methods.
• Extensive knowledge of Information Security principles, protocols, practices, and industry standards 

Preferred:  Certification(s) in data network engineering and/or security:  CCNP/CCNP-Security, CCSP, CISSP, GIAC-GCIA, GIAC-GCED, CompTIA, or equivalent security certification

Preferred Skills:

• Strong oral and written communicator with the ability to communicate security technical issues to peers and management
• Problem Solving – Identifies and resolves problems in a timely manner; Gather and analyzes information skillfully; Develops alternative solutions. Exceptional troubleshooting skills
• Analytical – Synthesizes complex or diverse information; collects and researches data.
• Critical Thinking – Uses logic and reasoning to identify alternative solutions/approaches to problems.
• Strong leadership and teamwork skills - Motivates others to perform well; effectively influences actions of others; accepts feedback from others.
• Pragmatic understanding of security problems, as a mix of technology and process issues, with the ability to pursue solutions at both layers within the organization. 
• Solid understanding of existing and emerging Information Security technologies 
• Self- Starter, strategic thinker in maturing deployed security technologies to ensure full capabilities are explored to meet enterprise security requirements.
• Strong hands-on technical skills in both security risks and implementing solutions.
• Strong investigative mindset with acute attention to detail, sense of ownership, urgency, and drive.

Note:

• Participate in teams 24x7 on-call support and be required to join major incident management calls to provide support and consultation

What’s in it for you:

• We’re honoured to be recognized as a 2026 Best Workplaces in Canada by Great Place to Work® Canada.
• We are thrilled to be recognized by Excellence Canada with their top-level certification, the Canada Order of Excellence for Mental Health at Work®, for prioritizing employee well-being, fostering a positive work culture, and achieving excellence in mental health.
• Wellness programs that support the three pillars of your health – mental, physical, and financial
• The opportunity to move along a variety of career paths with amazing networking potential.
• As a hybrid organization, you and your leader use business and Client need to choose where you work, at home or in the office

Must be able to satisfactorily complete applicable background checks prior to the start date and during employment, in accordance with Sun Life’s policies and practices.

The Base Pay range is for the primary location for which the job is posted. It may vary depending on the work location of the successful candidate or other factors. In addition to Base Pay, eligible Sun Life employees participate in various incentive plans, payment under which is discretionary and subject to individual and company performance. Certain sales focused roles have sales incentive plans based on individual or group sales results.  

Diversity and inclusion have always been at the core of our values at Sun Life. A diverse workforce with wide perspectives and creative ideas benefits our Clients, the communities where we operate and all of us as colleagues. We welcome applications from qualified individuals from all backgrounds.

Persons with disabilities who need accommodation in the application process, or those needing job postings in an alternative format, may e-mail a request to thebrightside@sunlife.com.

We are proud to be a hybrid organization that offers our employees the choice and flexibility to work from both the office and virtually based on the needs of the business, our Clients and you! Several work options are available and can be discussed throughout the selection process depending on the role requirements and individual needs.

We may use artificial intelligence to support candidate sourcing, screening, interview scheduling.

We thank all applicants for showing an interest in this position. Only those selected for an interview will be contacted.

Salary Range:

Job Category:

Posting End Date: