Cybersecurity Engineer

ABOUT US

Localcoin, founded in 2017 with headquarters in Toronto, is on a mission to simplify the process and experience of buying or selling digital currencies globally. We envision bringing digital currency to the mainstream financial market through partnerships with leading corporate and franchised retail spaces. With terminals across Canada, Poland and the APAC region, including Australia, Hong Kong, and New Zealand, Localcoin is now the fastest growing Bitcoin ATM operator in the world.

At its core, Localcoin believes that everyone should be able to own cryptocurrency and have a deep understanding of blockchain technology. As a member of our rapidly growing team, you'll join a talented, dynamic group of team members who will encourage you to learn, grow, and thrive in your career every step of the way.

We are a high-ownership engineering organization focused on building secure, resilient, and scalable systems in a rapidly evolving regulatory and threat landscape.

As one of the earliest dedicated security hires, you’ll play a foundational role in shaping our security posture, tooling, and engineering practices across the company.

THE ROLE

Salary Range: $100,000 - $150,000

We’re looking for a hands-on Cyber Security Engineer with strong DevSecOps instincts to help design, build, and mature security capabilities across our infrastructure, applications, and operational environments.

This is primarily an engineering role (roughly 80% engineering / 20% governance) focused on implementing scalable security solutions, improving visibility and detection capabilities, hardening infrastructure, and partnering closely with engineering teams to build secure systems by default.

You’ll work directly with the Director of Engineering and collaborate across platform, backend, infrastructure, compliance, and operations teams.

This role is ideal for someone who thrives in high-autonomy environments, enjoys solving difficult infrastructure and security problems, and wants meaningful ownership in a fast-moving fintech/crypto company.

This position will be based out of our office in Etobicoke, ON, and will have a hybrid work schedule of 2 days a week. 

WHAT YOU’LL BE DOING 

• Design, implement, and harden security infrastructure across our AWS-based cloud environment.
• Build and improve vulnerability management and reporting processes across infrastructure and applications.
• Lead and coordinate security incident response efforts, including investigation, remediation, and postmortem analysis.
• Implement and manage SIEM, monitoring, alerting, and detection capabilities
• Partner with engineering teams to design and maintain secure systems and development practices.
• Develop automation and tooling to improve security operations and reduce manual processes.
• Evaluate and strengthen IAM policies, access controls, and cloud security configurations
• Support application security initiatives including secure SDLC practices, threat modeling, and testing workflows.
• Manage external penetration testing engagements and remediation tracking
• Collaborate with vendors, auditors, and compliance stakeholders on security and regulatory initiatives.
• Contribute to policies, standards, and operational procedures aligned with evolving regulatory requirements.
• Assess the organization’s overall security posture and provide practical recommendations for improvement.

WHAT WE’RE LOOKING FOR 

• 3–5 years of hands-on experience securing AWS and cloud-native infrastructure, including infrastructure hardening, IAM, networking, and cloud security best practices. 
• Deep understanding of networking, Linux systems, IAM, and infrastructure security principles.
• Experience with application security practices and secure software delivery.
• Experience managing penetration testing programs and remediation processes.
• Experience operating in fintech, cryptocurrency, or other regulated environments.
• Strong understanding of modern security threats, attack vectors, and defensive controls.
• Ability to write code, automation, or tooling to improve security operations.
• Experience working cross-functionally with engineering and infrastructure teams.
• Strong incident response and troubleshooting capabilities.
• Comfortable operating in high-ownership, fast-moving environments with evolving priorities.

NICE TO HAVE: 

• Experience implementing or operating SIEM platforms.
• Security automation and orchestration experience.
• Detection engineering experience.
• Experience with SAST/DAST tooling and workflows.
• Familiarity with compliance and regulatory frameworks such as FINTRAC, MiCA, DORA, PIPEDA, PCI-DSS, or SOC 2.
• Security certifications such as OSCP, CISSP, GIAC, Security+, or cloud security certifications.

OUR ENVIRONMENT

You’ll work across a modern cloud-native stack including:

• AWS
• EC2 / ECS
• RDS
• Snowflake
• Java-based services
• Crypto ATM infrastructure
• Complex VPC and networking environments

WHAT SUCCESS LOOKS LIKE:

In your first 6–12 months, you will:

• Evaluate and improve our overall security posture.
• Identify key risks and security gaps across infrastructure and applications.
• Establish scalable vulnerability management and reporting processes.
• Improve monitoring, detection, and incident response capabilities.
• Help engineering teams adopt stronger security-by-default practices.
• Contribute to building a mature and pragmatic security program that scales with the business.

WHAT YOU’LL LOVE ABOUT US

• Competitive Salary & Benefits – We value and reward our team members.
• RRSP Group Matching Program – We invest in your financial well-being.
• Hybrid Work Environment – Enjoy flexibility while being part of a dynamic team.
• Professional Development – Opportunities for learning and growth covered by Localcoin.
• Team Culture & Events – Regular socials, team meetings, and collaborative workspaces.
• Impactful Work – Play a key role in a growing company and make a real difference.
• Great Place to Work® Certified – Proudly recognized for our positive workplace culture and employee experience 2 years in a row. 

JOIN OUR INCLUSIVE TEAM

Localcoin is committed to building an inclusive, accessible, and equitable workplace. We welcome applicants from all backgrounds and do not discriminate based on race, ancestry, place of origin, color, ethnic origin, citizenship, creed, sex, sexual orientation, gender identity or expression, age, marital status, family status, or disability.

If you require accommodation at any stage of the recruitment process, please notify the Talent team or email [email protected].

Applicants must be legally eligible to work in Canada. At this time, we are not able to provide visa sponsorship.

AI DISCLOSURE STATEMENT

We want to share that we may use artificial intelligence (AI) tools to help screen and assess applications. While technology helps us stay organized and efficient, every hiring decision at Localcoin is made by real people who care about finding the best addition to our team. These tools are used to support our process—not to replace the human judgment and connection that are core to our culture.