Senior Cloud Security Specialist

About AlayaCare: 

At AlayaCare, we’re revolutionizing the way that home healthcare is delivered. Our leading cloud-based software allows our customers around the world to manage their employees, scheduling, billing, and enable better delivery of care. We're a fast-growing SaaS company with a team of 550+ team members across Canada, US, Australia, and Brazil. We aim to be the world leader in home healthcare software solutions as we empower providers to deliver better health outcomes to their patients and clients. We pride ourselves on our open and transparent culture, our bias for action, and being committed to a workplace where we can be ourselves.  

About the role: 

The Senior Cloud Security Specialist plays a critical role in designing and maintaining secure systems at AlayaCare, with a focus on AWS infrastructure. Reporting to the Director of Information Security and Privacy, you will act as the advisor of cloud security architecture, this role leads efforts in infrastructure hardening, vulnerability management, policy implementation, and security automation. The specialist collaborates across engineering and compliance teams, drives secure-by-default practices, and mentors others to elevate the organization’s overall security posture, all while supporting compliance with standards like SOC 2, HIPAA, and HITRUST.

A day in the life:     

• Design and Build Secure Systems: Develop and maintain threat models for AlayaCare’s cloud infrastructure and applications. Identify security risks and implement scalable, effective remediations to strengthen our cloud security posture. 
• Cloud Security Leadership: Act as the primary owner of security architecture within AWS, working closely with the SRE team to establish secure-by-default guardrails across compute, storage, networking, and identity services. 
• Vulnerability Management: Lead infrastructure vulnerability scanning efforts and work with engineering teams to triage, prioritize, and remediate findings. Focus on enabling sustainable, measurable improvements. 
• Security Automation and Tooling: Build and maintain automation for key security controls using Terraform and scripting languages (e.g., Python, Ruby, or Go). Develop internal tooling and integrate existing solutions to improve threat detection, access management, and incident containment. 
• Security Policy Implementation: Translate compliance wordings/policies into technical policies applicable to AWS Config, policy-as-code frameworks, and infrastructure pipelines. Collaborate with the compliance and GRC team to align implementation with regulatory goals. 
• Security-Focused Architecture Reviews: Participate in system and application design reviews to identify risks and guide teams toward secure architectural decisions. Deep knowledge of functional and infrastructure architecture is a plus. 
• Incident Response and Investigation: Lead technical investigations that are high-priority security incidents in collaboration with the security operations team.  
• Compliance Support: Support efforts around SOC 2, HIPAA, and HITRUST by helping embed security requirements into technical design and team workflows. 
• Security Advocacy and Awareness: Promote a culture of security by leading internal security training,  
• contributing to phishing simulations, and helping teams understand the “why” behind secure development practices. Coach engineers and product teams on best practices and threat awareness. 
• Team Enablement and Mentorship: Mentor and support engineers across teams in secure development practices and cloud security concepts. Help raise the overall security maturity of the engineering organization. 

What you bring to the team:  

• ​​Bachelor’s degree in Computer Science, Engineering, or a related technical field (e.g., B.Sc., B.Eng., or B.Comm. with a tech focus)
• 8+ years of experience in cybersecurity including 5+ years specifically focused on cloud security and infrastructure. 
• Expert-level knowledge of AWS, including security best practices, IAM, VPC, and cloud-native architecture design. 
• Hands-on experience with Terraform for deploying and managing cloud infrastructure as code. 
• Working knowledge of Kubernetes and best practices in securing containerized workloads and orchestrated environments. 
• Strong problem-solving skills, with the ability to navigate ambiguity, analyze complex systems, and deliver impactful results independently. 
• Strong communication skills; able to explain technical and security concepts in approachable terms to both technical and non-technical audiences. 
• A passion for building security-conscious engineering culture; you lead by example, advocate for secure development practices, and help others understand the why behind them. Pride in your work and a passion for improving security in the healthcare software space. 
• Strong sense of ownership and urgency: you act quickly when security risks arise and take pride in driving things to resolution. 
• Bias for action: you don’t wait for perfect clarity to get started, and you're comfortable making informed decisions in complex environments. 
• Empathetic collaborator; you value partnership, listen actively, and know how to meet engineers, product managers, and stakeholders where they are. 
• Security storyteller; you're able to connect the dots between technical risk and business impact, and help others see the value of security in clear, compelling ways. 

Location and travel requirements: 

AlayaCare supports a flexible hybrid working model, expecting that our employees have a regular in-office presence at their closest office location while offering flexibility for some remote work. Our team encourages in-person collaboration and with this, the preferred candidate location for this position would be within the Greater Montreal Area.

What Makes AlayaCare a Great Place to Work:

• Our products have a positive impact on the lives of countless care workers and care recipients
• Our company has been recognized by the Globe and Mail as one of Canada’s Top Growing Companies and as a recipient of Deloitte's Technology Fast 50TM program award for our rapid revenue growth, entrepreneurial spirit and bold innovation
• Equity in a well-funded, high-growth company
• Hybrid working models with beautiful and creative office spaces to enjoy in prime locations
• Virtual and onsite social events for employees centered around collaboration, learning, and fun, including DEIBA committee events, volunteer events, fireside chats, catered team lunches, celebrations, and team building activities
• Comprehensive group benefits program, including telemedicine
• Employee expense program for health, wellness, lifestyle, professional development and productivity-related expenses
• Parental leave top-up program
• Flexible vacation policy
• Company Wellness Day program for extra time to unwind
• Paid Volunteer Time off Program
• Career growth and learning and development opportunities
• An entrepreneurial culture of transparency, collaboration, and innovation
• Access to our employee perk program for discounts at various participating vendors

If this sounds like the perfect job for you, apply today. As well as joining a great culture and a market-leading company, you will be part of a team making a positive difference in the post-acute care market. If this isn’t the job for you, you may know someone who is a perfect fit. Please feel free to share this opportunity. 

If you want to explore AlayaCare further, please visit our website www.alayacare.com. 

Better outcomes, better belonging  

Our team members are unique—like our products and the customer groups that we service. AlayaCare employees bring different strengths, perspectives, and experiences to their roles and to our products that enable better care. We are committed to offering a people-centric culture where all employees belong and feel heard.   

Having a pulse on our employee feedback is important to us as we aim to continuously evolve Diversity, Equity, Inclusion, Belonging, and Accessibility within AlayaCare's policies, total rewards offerings, discussions, learning & development programs, and community partnerships. All qualified applicants will receive equal consideration.   

If you require accommodation as part of the recruitment and selection process, please reach out to talentacquisitionteam@alayacare.com. Please note, we do not accept unsolicited headhunter or agency resumes.  

#LI-VB1