Job Title

E INC is the parent company of EBlock and EDealer, unifying our approach to products, services, and strategies under one Vision and one Mission: to create the best digital auction and retailing platform in the world by connecting the automotive wholesale and retail experiences. Our brands and their technologies make it easy for a vehicle to move between buyers and sellers throughout its entire ownership lifecycle. Learn more at https://e.inc/about We are seeking an experienced, detail-oriented Cybersecurity Engineer to strengthen our organizations information security posture across endpoints, networks, cloud services, and applications. Responsibilities Own threat and vulnerability management, driving remediation of misconfigurations and weaknesses across our environment. Manage and tune security monitoring and incident response capabilities using SIEM and observability tools (e.g., Datadog and log pipelines). Administer our endpoint, web, and Zero Trust security stack, including SentinelOne for EDR/CNAPP, Zscaler for secure access and DLP, and Cloudflare for WAF, DNS, and Zero Trust web security. Support compliance and governance efforts (focus on SOC2, ISO27001, NIST). Work closely with development and cloud teams to secure workloads in AWS and fix vulnerable packages and dependencies in existing applications. Collaborate with IT, infrastructure, and application teams to design, implement, and continuously improve security controls that are practical, measurable, and auditready. Threat & Vulnerability Management Identify, assess, and prioritize vulnerabilities and misconfigurations across endpoints, networks, cloud environments, and applications. Work with infrastructure and application owners to define and maintain secure configuration baselines and ensure timely remediation. Use vulnerability management and configuration assessment tools (including SentinelOne, cloudnative security services, and coderepo/package alerts) to track progress and risk reduction over time. Partner with development teams to review and remediate vulnerable thirdparty packages and libraries in existing applications. Security Monitoring & Incident Response Configure, manage, and tune SIEM / security monitoring solutions (Datadog, cloud logs, other telemetry) for highquality, actionable alerts. Act as an escalation point for highseverity security incidents, including triage, containment, investigation, and recovery. Maintain and improve Incident Response runbooks and procedures (phishing, malware, account compromise, data exfiltration). Participate in and design Disaster Recovery (DR) and Business Continuity Planning (BCP) tabletop exercises, incorporating security scenarios. Endpoint, Network & Cloud Security Administer and optimize SentinelOne for endpoint detection and response. Configure and manage Zscaler (Internet, Private Access, DLP) for secure internet and application access. Oversee Cloudflare security configurations for web applications and network services (Zero Trust, WAF, DNS). Secure AWS workloads (IAM, security groups, network segmentation, logging, encryption) and integrate security controls into existing services. Collaborate with network/infrastructure teams to apply Zero Trust and defenseindepth principles across offices, remote users, and auction environments. Application & Change Security Collaborate with developers and product teams to remediate security findings in existing services. Update or replace vulnerable packages and libraries, adjust application and container configurations, and validate fixes with followup testing. Provide security input into change management processes, ensuring significant changes consider security impact and include rollback and validation plans. Contribute to secure coding and dependency management guidance for teams maintaining existing systems. Compliance, Governance & Audit Support Support SOC2 and related compliance programs by maintaining technical evidence of security controls. Work with internal stakeholders and external auditors to align security measures with SOC2, ISO27001, and NISTaligned controls. Enhance, document, and automate security controls for continuous audit readiness using FreshService and Trelica. Email & Data Security Improve email security configurations (phishing protection, DKIM/SPF/Dmarc, impersonation protection, safe links/attachments). Implement and tune data loss prevention (DLP) and encryption controls across endpoints, email, and web traffic. Enforce device posture and encryption requirements for managed endpoints with Hexnode MDM. Collaboration & Travel Work with crossfunctional teams to embed security into technical and business processes. Provide guidance during new technology evaluations, deployments, and changes, especially those impacting AWShosted services. Travel up to 25% (incl. occasional visits to offices or auction sites). Qualifications 35years of experience in cybersecurity or a similar technical security role. Handson experience managing and securing workloads in AWS (IAM, security groups, CloudTrail, VPC/networking, Security Hub, Inspector, logging/monitoring, encryption). Strong understanding of SIEM, endpoint protection, and network security principles. Practical experience with Zscaler, SentinelOne, and Cloudflare for secure access, endpoint protection, and web application security. Experience remediating vulnerabilities in existing applications, including updating packages and validating fixes with monitoring and logs. Knowledge of incident response frameworks and playbook/runbook development. Experience providing or managing SOC2 technical evidence and working with auditors. Excellent troubleshooting and problemsolving skills. Ability to work independently in fastpaced environments with minimal supervision. Valid drivers license and ability to travel as required. Languages: English (required); French (asset). Preferred: Experience with additional cloud platforms (GCP, multicloud patterns). Background supporting compliance programs such as SOC2, ISO27001, NIST. Experience with ITSM and assetmanagement tools (FreshService), MDM platforms (Hexnode), and SaaS/costmanagement tools (Trelica). Compensation & Benefits Competitive salary: $120,000$140,000+bonus plan. Other benefits include paid time off, RRSP, life insurance, continuous learning, flexible working environment, and an amazing culture. Competitive pay Medical, Dental & Vision 401k/RSP programs Companypaid Group Life/AD&D insurance Paid time off Flexible working environment Continuous Learning Company Information E INC is committed to providing employment accommodation in accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act. We are an equalopportunity employer and affirmatively seek diversity in our workforce. E INC takes cybersecurity seriously and does not require bank information, date of birth, social identification information, or upfront fees as part of our application process. E INC may use AI tools to support candidate screening but they do not replace human decisionmaking. #J-18808-Ljbffr