Edtech.com's Summary

Docebo is hiring a Senior Security Engineer to protect the company's infrastructure and data security, focusing extensively on cloud environments. The role involves implementing security measures, managing incident response, collaborating with cross-functional teams, and leveraging automation and AI to enhance security operations.

Highlights

Design, implement, and maintain security tools and measures across systems and cloud infrastructure.
Collaborate with Cloud Infrastructure & Operations teams to develop robust cloud security solutions.
Manage endpoint and email security to prevent unauthorized access and reduce risks.
Lead incident response processes including investigation, root cause analysis, and remediation.
Enforce Role-Based Access Control (RBAC) and manage Identity and Access Management (IAM) solutions.
Monitor vulnerabilities and oversee remediation efforts promptly.
Utilize SIEM and detection engineering practices to improve threat detection and response.
Develop security best practices and provide training to foster a security-aware culture.
Experience with AWS (preferred), SIEM, EDR, automation platforms, scripting, and cybersecurity frameworks like MITRE ATT&CK and NIST CSF.
Requires 5+ years in cybersecurity roles focusing on incident response, SOC operations, or IR consulting.

Senior Security Engineer Full Description

Artificial Intelligence. Actual Impact.

At Docebo, AI isnât just a buzzword â itâs how we help teams move faster, perform better, and focus on the work that actually matters. Our learning platform is built with smart, time-saving tools that personalize training, cut the busywork, and make learning feel like less of a chore (and more of a superpower).

Weâre building the future of learning, and weâre doing it with a team that loves to challenge the status quo. If you're excited by the idea of using AI to make work-life better for real people â not just in theory â you're in the right place.

Still thinking it over? At Docebo, values arenât just posters on the wall â they show up in how we work every day. We lead with what we call the Docebo Heart: we trust each other, assume positive intent, and make space for the differences that make our team stronger.

Soâ¦ what are you waiting for? Join 900+ Docebians around the world and help us reinvent the way people learn.

About This Opportunity:

The Senior Security Engineer will play a major role in safeguarding Docebo's infrastructure, data security, and integrity, particularly within cloud environments. Working closely with Cloud Infrastructure & Operations teams, IT, Developers, and other Security teams, the Security Engineer will design, implement, and maintain security measures and tools to protect systems and information. They will advocate for and support adopting best practices to safeguard company assets while ensuring an optimal user experience for our internal users. They will monitor and respond to threats against Docebo's systems and users, leading the incident response process, driving improvements to incident handling, and leveraging automation and AI to enhance speed, accuracy, and resilience in security operations. They will also collaborate with the GRC team to meet regulatory and compliance requirements.

Reports to: Security Operations Manager

To help our teams work together effectively, this role requires you to be located in the Toronto area.

Responsibilities

Security Measures and Tools Management: guide and deliver the installation, configuration, and management of security tools for safeguarding systems and data. Continuously monitor and adjust security measures for optimal protection. Lead security initiatives to strengthen and enhance Docebo's cybersecurity posture.
Cloud Security Solutions: collaborate with Cloud Infrastructure & Operations teams to design and maintain robust security solutions for cloud environments. Define the strategy and update solutions to address evolving threats. Define and oversee the optimal account structure following best practices.
Endpoint and Email Security Management: deploy and manage security measures on endpoints and email systems to prevent unauthorized access and threats. Implement policies to enhance email security and reduce email-borne risks.
Incident Response and Analysis: Coordinate and lead the investigation of security incidents to determine causes, impacts, and potential exposure of sensitive data (e.g. PII, credentials). Perform Root Cause Analysis (RCA) to prevent recurrence, leveraging automation, AI, and threat intelligence where possible; taking responsibility for following up with internal and external parties, including SOC/IR partners, to ensure effective closure of the incident.
Access Control and Identity Management: define and enforce Role-Based Access Control (RBAC) policies. Oversees and manages Identity and Access Management (IAM) solutions for secure authentication and authorization.
Vulnerability Management: identify and prioritize vulnerabilities in systems and applications. Oversee and deliver remediation efforts to address vulnerabilities promptly.
SIEM and Detection Engineering: Use SIEM tools to monitor and analyze security events and logs, leveraging detection engineering practices (rule development, testing, and tuning) to improve visibility. Enhance threat detection and response capabilities by aligning with industry frameworks such as MITRE ATT&CK.
Development of Security Best Practices: develop and document best practices, policies, and procedures for information security. Provide guidance and training to promote a security-aware culture.
Monitoring of Security Configurations: audit and assess security configurations across the IT and Cloud infrastructure. Implement automated tools and processes for effective monitoring and enforcement of the appropriate level of security controls.
Develop and oversee effective strategies to prevent repeated risks affecting the infrastructure.
Vendor relationships: Maintain relationships with security vendors for technical issues, ensure smooth operations of security tools and services, and escalate problems or incidents to vendors when required.

Requirements

5+ years of relevant work experience in cybersecurity, with strong exposure to incident response, SOC operations, or IR consulting.
Solid experience with cloud platforms (AWS preferred; Azure/GCP a plus) and familiarity with cloud security tools (e.g. CSPM, CWPP, CIEM, CNAPP).
Proven experience with incident lifecycle management, including investigation, containment, remediation, and post-incident analysis.
Experience with SIEM and EDR platforms, including threat hunting, log investigation, and detection engineering.
Familiarity with automation platforms and AI-driven security tools to streamline detection, enrichment, and response.
Strong ability to work with large volumes of security and application data, extracting and correlating events to assess impact on sensitive information (e.g. PII, credentials).
Experience with threat intelligence feeds, platforms, and enrichment tools, and the ability to operationalize threat intel to enhance monitoring and response.
Familiarity with identity and access management (IAM), endpoint protection, and modern security architectures.
Experience with Infrastructure as Code (IaC) and scripting (Python, Bash, PowerShell, etc.) to develop custom workflows.
In-depth knowledge of information security principles, best practices, and cybersecurity frameworks (MITRE ATT&CK, NIST CSF, CIS, SOC 2, ISO 27001, PCI, FedRAMP).
Experience in hardening operating systems (Linux preferred).
Hands-on experience with network security fundamentals and practices.
Ability to produce clear, comprehensive, and well-structured documentation (e.g. incident reports, playbooks, procedures, and technical findings) and to communicate complex technical issues effectively to non-technical stakeholders.

Benefits & Perks ð

-Generous Vacation Policy, plus extra floating holidays to use for religious or cultural events that matter to you

-Employee Share Purchase Plan

-Career progression/internal mobility opportunities

-Four employee resource groups to get involved with (the Docebo Women's Alliance, PRIDE, BIDOC, and Green Ambassadors)

-WeWork partnership and âWork from Anywhereâ program

Hybrid Office Model ð¢

We believe when people are together, they develop deeper relationships and accelerate innovation. Because of this, all Docebo employees worldwide are âhybrid.â We encourage in-person collaboration while supporting work-from-home when employees need dedicated focus time, allowing Docebians to do their best every day. Each team leader is able to decide how often their teams come into the office, considering the needs of the team and the employeeâs needs. Our Talent Acquisition team will let you know about the role you are applying for and the hybrid details during the first interview.

About Docebo ð

Here at Docebo, we power learning experiences for over 3000 customers around the world with our easy-to-use, AI-powered Suite designed to close the enterprise learning loop. We have successfully achieved 2 IPOs (TSX: DCBO & NASDAQ: DCBO), been recognized as a Top SaaS e-learning Solution, and are growing exponentially in the process.

Docebo is a global company with offices in North America, EMEA, APAC and more. Our people believe in six core values, simply defined and manifested in everything we do - Innovation, Simplicity, Accountability, Togetherness, Curiosity, and Impact. If this sounds like you, now is your time to join one of the fastest-growing learning technology companies on the market. Apply today!

Docebo is an Equal Employment Opportunity employer. We are committed to diversity and inclusion in our workforce. All qualified applicants and employees will receive consideration for employment regardless of their race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, citizenship status, age, disability, genetic information, or any other category protected under applicable law.

Any individuals requiring a reasonable accommodation to assist with their job search or application for employment should send an e-mail to recruiting_accommodations

(at) docebo.com. The e-mail should include a description of the requested accommodation and the position youâre applying for or interested in.

Original Job Description

Artificial Intelligence. Actual Impact.

Soâ¦ what are you waiting for? Join 900+ Docebians around the world and help us reinvent the way people learn.

About This Opportunity:

Reports to: Security Operations Manager

To help our teams work together effectively, this role requires you to be located in the Toronto area.

Responsibilities

Security Measures and Tools Management: guide and deliver the installation, configuration, and management of security tools for safeguarding systems and data. Continuously monitor and adjust security measures for optimal protection. Lead security initiatives to strengthen and enhance Docebo's cybersecurity posture.
Cloud Security Solutions: collaborate with Cloud Infrastructure & Operations teams to design and maintain robust security solutions for cloud environments. Define the strategy and update solutions to address evolving threats. Define and oversee the optimal account structure following best practices.
Endpoint and Email Security Management: deploy and manage security measures on endpoints and email systems to prevent unauthorized access and threats. Implement policies to enhance email security and reduce email-borne risks.
Incident Response and Analysis: Coordinate and lead the investigation of security incidents to determine causes, impacts, and potential exposure of sensitive data (e.g. PII, credentials). Perform Root Cause Analysis (RCA) to prevent recurrence, leveraging automation, AI, and threat intelligence where possible; taking responsibility for following up with internal and external parties, including SOC/IR partners, to ensure effective closure of the incident.
Access Control and Identity Management: define and enforce Role-Based Access Control (RBAC) policies. Oversees and manages Identity and Access Management (IAM) solutions for secure authentication and authorization.
Vulnerability Management: identify and prioritize vulnerabilities in systems and applications. Oversee and deliver remediation efforts to address vulnerabilities promptly.
SIEM and Detection Engineering: Use SIEM tools to monitor and analyze security events and logs, leveraging detection engineering practices (rule development, testing, and tuning) to improve visibility. Enhance threat detection and response capabilities by aligning with industry frameworks such as MITRE ATT&CK.
Development of Security Best Practices: develop and document best practices, policies, and procedures for information security. Provide guidance and training to promote a security-aware culture.
Monitoring of Security Configurations: audit and assess security configurations across the IT and Cloud infrastructure. Implement automated tools and processes for effective monitoring and enforcement of the appropriate level of security controls.
Develop and oversee effective strategies to prevent repeated risks affecting the infrastructure.
Vendor relationships: Maintain relationships with security vendors for technical issues, ensure smooth operations of security tools and services, and escalate problems or incidents to vendors when required.

Requirements

5+ years of relevant work experience in cybersecurity, with strong exposure to incident response, SOC operations, or IR consulting.
Solid experience with cloud platforms (AWS preferred; Azure/GCP a plus) and familiarity with cloud security tools (e.g. CSPM, CWPP, CIEM, CNAPP).
Proven experience with incident lifecycle management, including investigation, containment, remediation, and post-incident analysis.
Experience with SIEM and EDR platforms, including threat hunting, log investigation, and detection engineering.
Familiarity with automation platforms and AI-driven security tools to streamline detection, enrichment, and response.
Strong ability to work with large volumes of security and application data, extracting and correlating events to assess impact on sensitive information (e.g. PII, credentials).
Experience with threat intelligence feeds, platforms, and enrichment tools, and the ability to operationalize threat intel to enhance monitoring and response.
Familiarity with identity and access management (IAM), endpoint protection, and modern security architectures.
Experience with Infrastructure as Code (IaC) and scripting (Python, Bash, PowerShell, etc.) to develop custom workflows.
In-depth knowledge of information security principles, best practices, and cybersecurity frameworks (MITRE ATT&CK, NIST CSF, CIS, SOC 2, ISO 27001, PCI, FedRAMP).
Experience in hardening operating systems (Linux preferred).
Hands-on experience with network security fundamentals and practices.
Ability to produce clear, comprehensive, and well-structured documentation (e.g. incident reports, playbooks, procedures, and technical findings) and to communicate complex technical issues effectively to non-technical stakeholders.

Benefits & Perks ð

-Generous Vacation Policy, plus extra floating holidays to use for religious or cultural events that matter to you

-Employee Share Purchase Plan

-Career progression/internal mobility opportunities

-Four employee resource groups to get involved with (the Docebo Women's Alliance, PRIDE, BIDOC, and Green Ambassadors)

-WeWork partnership and âWork from Anywhereâ program

Hybrid Office Model ð¢

About Docebo ð

Any individuals requiring a reasonable accommodation to assist with their job search or application for employment should send an e-mail to recruiting_accommodations

(at) docebo.com. The e-mail should include a description of the requested accommodation and the position youâre applying for or interested in.

Let me find your next job.

Thanks - you're signed up.

Senior Security Engineer

Edtech.com's Summary

Senior Security Engineer Full Description

Senior Network Security Engineer

Chief Information Security Officer (CISO)

Executive Director, Information Security Governance, Risk & Compliance

Staff IT Security Analyst

Research Information Security Analyst