Director, Security Engineering & Remediation

What is the opportunity?

As “Director, Security Engineering & Remediation", you will establish and lead a dedicated engineering team focused on hands-on remediation of vulnerabilities primarily within application code, container platforms, cryptography, and security hardening. You will design and implement robust processes, technical solutions, and automation specifically targeting vulnerabilities identified through container scans, application security testing (SAST, DAST, IAST, SCA), cryptographic assessments, and insider threat risk monitoring. Leveraging your deep software development expertise, architectural knowledge, and familiarity with OWASP Top 10, SANS 25, and threat modeling, you will enhance software security, container resilience, and proactively identify and mitigate insider threats through behavioral analytics and continuous log monitoring.

What will you do?

• Build and lead a specialized security engineering team dedicated to direct vulnerability remediation primarily within application code, container environments (Docker, Kubernetes), cryptography, infrastructure-as-code (IaC), and system hardening.
• Implement and manage technical security solutions and automation focused on container security scanning results, software vulnerability remediation, and insider threat detection.
• Collaborate closely with development teams to directly address vulnerabilities identified by security testing tools (SAST, DAST, IAST, SCA).
• Design, implement, and manage an insider threat risk monitoring program, including user behavior analytics, anomalous activity detection, and continuous oversight of critical application logs to detect and investigate suspicious activities.
• Conduct hands-on remediation of application vulnerabilities aligned with OWASP Top 10, SANS 25, and enforce secure coding best practices.
• Drive integration of security remediation and insider threat detection capabilities into CI/CD pipelines, enhancing DevSecOps effectiveness.
• Communicate technical remediation progress, insider threat detection initiatives, issues, and achievements clearly to senior stakeholders and management.

What do you need to succeed?

Must-have:

• 10+ years of experience in software development and cybersecurity engineering roles, with significant hands-on expertise in application vulnerability remediation, container security, secure coding practices, and insider threat detection.
• Proficiency technical experience with scripting languages (e.g. Python, PowerShell, etc.) and familiarity with multiple programming languages (e.g. Java, C#, C++, SQL, etc.) for software development and vulnerability remediation.
• Extensive hands-on experience with application security testing tools (SAST, DAST, IAST, SCA) and direct remediation activities.
• Technical expertise with container security (Docker, Kubernetes), infrastructure-as-code (IaC) security (e.g. Terraform), vulnerability remediation, insider threat detection, and security automation tools.

• Strong architectural knowledge, comprehensive understanding of secure software development lifecycle (SSDLC) practices, and familiarity with OWASP Top 10, SANS 25, and threat modeling methodologies.

Nice-to-have:

• Relevant security certifications (CSSLP, GWAPT, OSCP, CISSP, or equivalent).
• Experience in financial services or highly regulated industries.
• Hands-on experience with container security scanning tools such as Aqua and remediation of identified issues.
• Strong understanding of cryptographic best practices and system hardening techniques.
• Demonstrated ability to lead technically focused teams within complex, multi-stakeholder environments.

What’s in it for you?

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable.
• Leaders who support your development through coaching and managing opportunities.
• Ability to make a difference and lasting impact.
• Work in a dynamic, collaborative, progressive, and high-performing team.
• A world-class training program in financial services.
• Flexible work/life balance options.
• Opportunities to do challenging work.

#LI-Hybrid

#LI-POST

#TECHCPJ

Job Skills

Additional Job Details

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above

Inclusion and Equal Opportunity Employment

At RBC, we believe an inclusive workplace that has diverse perspectives is core to our continued growth as one of the largest and most successful banks in the world. Maintaining a workplace where our employees feel supported to perform at their best, effectively collaborate, drive innovation, and grow professionally helps to bring our Purpose to life and create value for our clients and communities. RBC strives to deliver this through policies and programs intended to foster a workplace based on respect, belonging and opportunity for all.