MindBridge is the global leader in AI-powered financial risk intelligence. Our platform, MindBridge AI™, is enabling finance and audit professionals to build the AI-powered finance department of the future. With over 120 billion financial transactions analyzed with MindBridge's AI, we set the standard for innovation, scalability, and customer satisfaction.
At MindBridge, we're driven by innovation and excellence, united as a team to revolutionize financial integrity. Here, your ideas matter, and your efforts make a meaningful impact. If you're passionate about using AI to drive positive change, MindBridge is the perfect fit. What distinguishes us is our unwavering commitment to our values: Innovation, Collaboration, and Integrity. These principles foster a vibrant workplace culture, where appreciation and a strong sense of community flourish.
About the Role:
We are looking for an Application Security Engineer with a passion for security automation, secure cloud architecture, cutting-edge technologies, and DevSecOps excellence. You will be responsible for embedding security throughout our production environments and software development lifecycle (SDLC), automating controls, and safeguarding our AI-driven infrastructure, working alongside development, operations, and IT/Security teams.
Key Responsibilities:
Risk identification, mitigation, and education
- Collaborate with MindBridge software developers and SREs to resolve security issues early. Provide guidance to developers on secure coding practices.
- Participate in design reviews and code reviews to identify issues through threat modeling.
- Work with our vulnerability management team to triage and resolve vulnerabilities and findings from pen tests.
Integrate security into the delivery pipeline
- Maintain and enhance our SAST, DAST, SCA, and container image scanning components within CI/CD workflows.
- Implement policy-as-code for infrastructure and Kubernetes clusters.
Continuous security awareness
- Keep up with the latest CVE alerts, threat intelligence, and cloud-native security tools.
- Contribute to security playbooks, incident response procedures, and team-wide awareness sessions.
- Assist with novel questions in customer security questionnaires
- Participate in our annual SOC 2 & ISO audit programmes
LLM & Cloud Security
- Define secure usage patterns for LLMs (e.g., input validation, red-teaming).
- Secure our Azure cloud infrastructure, ensuring compliance with Zero Trust Architecture principles.
- Take part in reviewing LLM vendors and vendor deployments.
- Manage key initiatives, track outcomes, and support strategic decision-making with crisp data and context.
Requirements
Desired Skills & Experience:
- 5+ years in DevSecOps, Cloud Security, or related roles.
- Written communication is key as this is a remote work team.
- Expert in securing Azure cloud environments (RBAC, NSGs, Key Vault, Defender for Cloud).
- Strong automation and scripting with tools such as Python, Bash, Terraform, and Helm.
- Experience with Kubernetes (AKS preferred) and container security (e.g., image hardening, runtime protection).
- Experience with version control (Git) and exposure to software development best practices for backend (Java/Python) and frontend (Angular)
- Familiarity with:
  - CI/CD systems
  - SAST/DAST tools
  - Secrets management
  - SIEM and security logging pipelines
Requirements contingent on employment:
- Fulfill requirements necessary to obtain a full background check.
- This is a remote position based in Ottawa. There may be an in-person interview component. The successful candidate will be expected to spend 2 days a week in office during their probationary period.
Preferred qualifications
- Azure Security Engineer Associate or other relevant certifications (CISSP, CKS, etc.)
- Experience working in ISO 27001 or SOC 2 compliant environments.
- Familiarity with LLM threat models and generative AI safety techniques.
- Contributions to open-source projects or security research are a plus.
Benefits
Why You'll Love Being Part of Our Team: