Senior Cloud Security Engineer
BMO Financial Group, San Jose, CA, United States
We are seeking an enthusiastic and passionate professional for a
Senior Cloud, AI & Data Security Engineer
role who wants to design and implement security solutions for systems and services across
AWS, Azure, and AI/ML platforms
. We need someone who can establish the highest standards that meet and exceed security governance solutions and practices, provide assurance to management and auditors, and ensure sustained protection by embedding controls in operational and DevOps (CI/CD) practices with a focus on automation.
We are looking for someone who has a high level of technical security expertise and who takes seriously the responsibility of monitoring, detecting, protecting, and maintaining the security of
data, AI/ML systems, cloud platforms, and networks
.
You are a leader with a strong technical background. You have demonstrated strength in:
Developing and implementing
secure cloud and AI/ML architectures
using a risk-based cybersecurity and data privacy strategy
Defining security patterns, roadmaps, and operating models that leverage collaboration
Facilitating industry-standard information security governance
Advising senior leadership on cybersecurity,
AI risk
, and privacy risks, threats, and investment strategies
Documenting appropriate policies and procedures to manage information security risks,
including those unique to AI/ML systems and sensitive data assets
As a qualified candidate, you will be part of the team driving BMO's Cloud, AI, and Data Security implementation. As a member of this team, you should possess the ability to inspire yourself and all of our team. Based on your previous experiences, you will inject new knowledge and skills into an already high-performing team, thus elevating our efforts to new heights.
Your Responsibilities
Cloud Security
Assess, design, implement, automate, and document security solutions, controls, and processes for
Amazon Web Services (AWS)
and
Microsoft Azure
cloud platforms
Develop and maintain security patterns for cloud platforms and services; assess all cloud patterns to ensure adherence to best security practices and controls
Design and implement security baseline controls for Cloud Services for integration into the CI/CD process
Build and deliver
policies as code
, automating security controls and best practices
Review and approve code and changes with security implications (e.g., IAM Roles and Policies, Security Groups, etc.)
Be the cloud security subject matter expert for the Cloud Engineering group and its partners in any IaaS, PaaS, and SaaS implementations
AI & Machine Learning Security
Define and implement a
security framework for AI/ML systems
, covering the full model lifecycle from data ingestion and training to deployment and monitoring
Assess and mitigate
AI-specific threats
including adversarial attacks, model inversion, data poisoning, prompt injection, and model theft
Evaluate and secure
AI/ML platforms and tools
(e.g., Amazon SageMaker, Azure Machine Learning, Hugging Face, OpenAI APIs) against organizational risk standards
Collaborate with data science and AI engineering teams to integrate security controls into
MLOps pipelines
, ensuring model integrity, access controls, and auditability
Monitor emerging AI threat landscapes and regulatory developments (e.g., EU AI Act, NIST AI RMF) and translate these into actionable organizational controls
Data Security
Implement and manage
data security posture management (DSPM)
tools to continuously monitor sensitive data exposure across cloud environments
Establish controls for
structured and unstructured data stores
, including databases, data lakes, data warehouses (e.g., Snowflake, AWS S3, Azure Data Lake), and file sharing platforms
Drive the adoption of
data-centric security
practices within application development and analytics teams
General Security Leadership
Provide subject matter expertise on architecture, authentication, and systems security based on a clear understanding of the engineering stack, services, and data flow
Lead focused and continuous cybersecurity risk assessments of new and existing technologies - including
AI/ML systems and data platforms
- to identify risks and appropriate controls that balance security and operability
Provide effective and pragmatic cybersecurity guidance upfront in major technology projects to enable the business to innovate securely
Assist in the investigation and remediation of security incidents and issues,
including those involving AI model compromise or data breaches
Work closely with Information Security, product, and software development teams to assess cybersecurity risk and recommend solutions in cloud, AI, and data environments
Your Mindset
You are a
self-starter
, driven, and can handle multiple projects and priorities
You are passionate about driving the
DevSecOps and MLSecOps
mindset and culture in a fast-paced, challenging environment where you get the opportunity to work with the latest tools and technologies
You understand the
intersection of security, AI, and data
, and actively seek to build bridges between these disciplines
You are actively looking to improve the solutions you implement, understand the efficacy of collaboration, and are keen to work in a team of CI/CD, infrastructure, AI, and data specialists
You are energized by the
rapidly evolving AI threat landscape
and bring intellectual curiosity and practical judgment to navigating ambiguity
As a member of this team, you will inject new knowledge and skills into an already high-performing team, elevating our collective efforts to new heights
Required Core Skills
Foundational
A university degree in
Engineering, Computer Science, Information Technology
, or a related field
7-10 years
of experience developing and implementing security architectures and/or engineering, with demonstrated breadth across
cloud, data, and/or AI security domains
Security certifications such as
CISSP, CCSP, CCSK
, or any Cloud Security Specialty certification (e.g., AWS Certified Security Specialty, Microsoft Certified: Azure Security Engineer Associate)
Emerging/preferred:
Certifications or demonstrated knowledge in
AI security
(e.g., CDAI, CompTIA AI+, or equivalent vendor-specific AI security training) or
data security
(e.g., CDPSE, CIPP)
Cloud Security
Demonstrated knowledge of cloud architecture, cloud operations, cloud-based identity and access management, security automation, and orchestration
Extensive experience with
cloud-native security solutions
and tools (e.g., AWS Security Hub, AWS GuardDuty, Microsoft Defender for Cloud, Azure Sentinel)
Knowledge of technical security control environments and compliance frameworks including
CSA CCM, ISO 27001, ISO 27017, and NIST CSF
AI & ML Security
Working knowledge of
AI/ML development frameworks and platforms
(e.g., TensorFlow, PyTorch, SageMaker, Azure ML) and associated security risks
Familiarity with the
OWASP Top 10 for LLMs
,
MITRE ATLAS
, and
NIST AI Risk Management Framework (AI RMF)
Understanding of
MLOps pipeline security
, including securing model registries, feature stores, training environments, and inference endpoints
Knowledge of
Generative AI security risks
, including prompt injection, jailbreaking, data leakage via LLMs, and supply chain risks in AI model dependencies
Data Security
Experience implementing
data loss prevention (DLP)
,
data classification
, and
data access governance
solutions in enterprise environments
Knowledge of
DSPM tools
and practices
Understanding of
data encryption at rest and in transit
, tokenization, and key management for large-scale data environments
Familiarity with
data privacy regulations
(e.g., PIPEDA, GDPR, CCPA) and their technical implementation requirements
Experience securing
cloud-based data platforms
such as Snowflake, Databricks, AWS Redshift, Azure Synapse, or equivalent
Technical Skills
Firm grasp of
networking protocols and operations
; comfortable with packet analysis tools such as Wireshark, Burp Suite, nmap, Nessus, and Metasploit
Knowledge of
theoretical and applied cryptography
, key management, and cryptographic algorithms (RSA, AES, TLS, PKI, etc.)
Knowledge of
Identity and Access Management (IAM)
concepts including SSO, SAML, federated identity, RBAC, and OAuth/OIDC
Strong scripting and programming skills with experience in
Python, PowerShell, Bash, Node.js
, and API/webhook development
Experience with
Infrastructure as Code (IaC)
security scanning tools (e.g., Checkov, tfsec, Prisma Cloud)
Interpersonal & Leadership
Demonstrable internal and externalrelationship-buildingskills with the ability to clearly articulate complex security concepts across a diverse corporate culture
Ability to lead in-depth workshops across a broad range of topics including
cloud compliance, AI risk, and data governance
Strong ability to influence decision-making at senior leadership levels
Other Skills
Strong interpersonal, communication, and leadership skills
A critical thinker with strong research, analytical, and problem-solving skills
Self-motivated with a positive attitude and an ability to work independently and within a team
Ability to communicate complex technical concepts to a broad range of internal and external stakeholders, including
business, legal, compliance, and technology leaders
Strong time management skills with the ability to manage multiple workstreams and mentor less experienced team members
Why Join Us?
This is a rare opportunity to shape the
cloud, AI, and data security strategy
of one of Canada's largest financial institutions at a time when these domains are converging and rapidly evolving. You will work at the forefront of emerging threats, influence enterprise-wide security standards, and collaborate with world-class teams across technology, risk, and innovation.
Salary:
$122,400.00 - $228,000.00
Pay Type:
Salaried
The above represents BMO Financial Group's pay range and type.
Salaries will vary based on factors such as location, skills, experience, education, and qualifications for the role, and may include a commission structure. Salaries for part-time roles will be pro-rated based on number of hours regularly worked. For commission roles, the salary listed above represents BMO Financial Group's expected target for the first year in this position.
BMO Financial Group's total compensation package will vary based on the pay type of the position and may include performance-based incentives, discretionary bonuses, as well as other perks and rewards. BMO also offers health insurance, tuition reimbursement, accident and life insurance, and retirement savings plans. To view more details of our benefits, please visit: https://jobs.bmo.com/global/en/Total-Rewards
About Us
At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.
As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one - for yourself and our customers. We'll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we'll help you gain valuable experience, and broaden your skillset.
To find out more visit us at https://jobs.bmo.com/us/en
BMO is proud to be an equal employment opportunity employer. We evaluate applicants without regard to race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or any other legally protected characteristics. We also consider applicants with criminal histories, consistent with applicable federal, state and local law.
BMO is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to BMOCareers.Support@bmo.com and let us know the nature of your request and your contact information.
Note to Recruiters: BMO does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to BMO, directly or indirectly, will be considered BMO property. BMO will not pay a fee for any placement resulting from the receipt of an unsolicited resume. A recruiting agency must first have a valid, written and fully executed agency agreement contract for service to submit resumes.
Senior Cloud, AI & Data Security Engineer
role who wants to design and implement security solutions for systems and services across
AWS, Azure, and AI/ML platforms
. We need someone who can establish the highest standards that meet and exceed security governance solutions and practices, provide assurance to management and auditors, and ensure sustained protection by embedding controls in operational and DevOps (CI/CD) practices with a focus on automation.
We are looking for someone who has a high level of technical security expertise and who takes seriously the responsibility of monitoring, detecting, protecting, and maintaining the security of
data, AI/ML systems, cloud platforms, and networks
.
You are a leader with a strong technical background. You have demonstrated strength in:
Developing and implementing
secure cloud and AI/ML architectures
using a risk-based cybersecurity and data privacy strategy
Defining security patterns, roadmaps, and operating models that leverage collaboration
Facilitating industry-standard information security governance
Advising senior leadership on cybersecurity,
AI risk
, and privacy risks, threats, and investment strategies
Documenting appropriate policies and procedures to manage information security risks,
including those unique to AI/ML systems and sensitive data assets
As a qualified candidate, you will be part of the team driving BMO's Cloud, AI, and Data Security implementation. As a member of this team, you should possess the ability to inspire yourself and all of our team. Based on your previous experiences, you will inject new knowledge and skills into an already high-performing team, thus elevating our efforts to new heights.
Your Responsibilities
Cloud Security
Assess, design, implement, automate, and document security solutions, controls, and processes for
Amazon Web Services (AWS)
and
Microsoft Azure
cloud platforms
Develop and maintain security patterns for cloud platforms and services; assess all cloud patterns to ensure adherence to best security practices and controls
Design and implement security baseline controls for Cloud Services for integration into the CI/CD process
Build and deliver
policies as code
, automating security controls and best practices
Review and approve code and changes with security implications (e.g., IAM Roles and Policies, Security Groups, etc.)
Be the cloud security subject matter expert for the Cloud Engineering group and its partners in any IaaS, PaaS, and SaaS implementations
AI & Machine Learning Security
Define and implement a
security framework for AI/ML systems
, covering the full model lifecycle from data ingestion and training to deployment and monitoring
Assess and mitigate
AI-specific threats
including adversarial attacks, model inversion, data poisoning, prompt injection, and model theft
Evaluate and secure
AI/ML platforms and tools
(e.g., Amazon SageMaker, Azure Machine Learning, Hugging Face, OpenAI APIs) against organizational risk standards
Collaborate with data science and AI engineering teams to integrate security controls into
MLOps pipelines
, ensuring model integrity, access controls, and auditability
Monitor emerging AI threat landscapes and regulatory developments (e.g., EU AI Act, NIST AI RMF) and translate these into actionable organizational controls
Data Security
Implement and manage
data security posture management (DSPM)
tools to continuously monitor sensitive data exposure across cloud environments
Establish controls for
structured and unstructured data stores
, including databases, data lakes, data warehouses (e.g., Snowflake, AWS S3, Azure Data Lake), and file sharing platforms
Drive the adoption of
data-centric security
practices within application development and analytics teams
General Security Leadership
Provide subject matter expertise on architecture, authentication, and systems security based on a clear understanding of the engineering stack, services, and data flow
Lead focused and continuous cybersecurity risk assessments of new and existing technologies - including
AI/ML systems and data platforms
- to identify risks and appropriate controls that balance security and operability
Provide effective and pragmatic cybersecurity guidance upfront in major technology projects to enable the business to innovate securely
Assist in the investigation and remediation of security incidents and issues,
including those involving AI model compromise or data breaches
Work closely with Information Security, product, and software development teams to assess cybersecurity risk and recommend solutions in cloud, AI, and data environments
Your Mindset
You are a
self-starter
, driven, and can handle multiple projects and priorities
You are passionate about driving the
DevSecOps and MLSecOps
mindset and culture in a fast-paced, challenging environment where you get the opportunity to work with the latest tools and technologies
You understand the
intersection of security, AI, and data
, and actively seek to build bridges between these disciplines
You are actively looking to improve the solutions you implement, understand the efficacy of collaboration, and are keen to work in a team of CI/CD, infrastructure, AI, and data specialists
You are energized by the
rapidly evolving AI threat landscape
and bring intellectual curiosity and practical judgment to navigating ambiguity
As a member of this team, you will inject new knowledge and skills into an already high-performing team, elevating our collective efforts to new heights
Required Core Skills
Foundational
A university degree in
Engineering, Computer Science, Information Technology
, or a related field
7-10 years
of experience developing and implementing security architectures and/or engineering, with demonstrated breadth across
cloud, data, and/or AI security domains
Security certifications such as
CISSP, CCSP, CCSK
, or any Cloud Security Specialty certification (e.g., AWS Certified Security Specialty, Microsoft Certified: Azure Security Engineer Associate)
Emerging/preferred:
Certifications or demonstrated knowledge in
AI security
(e.g., CDAI, CompTIA AI+, or equivalent vendor-specific AI security training) or
data security
(e.g., CDPSE, CIPP)
Cloud Security
Demonstrated knowledge of cloud architecture, cloud operations, cloud-based identity and access management, security automation, and orchestration
Extensive experience with
cloud-native security solutions
and tools (e.g., AWS Security Hub, AWS GuardDuty, Microsoft Defender for Cloud, Azure Sentinel)
Knowledge of technical security control environments and compliance frameworks including
CSA CCM, ISO 27001, ISO 27017, and NIST CSF
AI & ML Security
Working knowledge of
AI/ML development frameworks and platforms
(e.g., TensorFlow, PyTorch, SageMaker, Azure ML) and associated security risks
Familiarity with the
OWASP Top 10 for LLMs
,
MITRE ATLAS
, and
NIST AI Risk Management Framework (AI RMF)
Understanding of
MLOps pipeline security
, including securing model registries, feature stores, training environments, and inference endpoints
Knowledge of
Generative AI security risks
, including prompt injection, jailbreaking, data leakage via LLMs, and supply chain risks in AI model dependencies
Data Security
Experience implementing
data loss prevention (DLP)
,
data classification
, and
data access governance
solutions in enterprise environments
Knowledge of
DSPM tools
and practices
Understanding of
data encryption at rest and in transit
, tokenization, and key management for large-scale data environments
Familiarity with
data privacy regulations
(e.g., PIPEDA, GDPR, CCPA) and their technical implementation requirements
Experience securing
cloud-based data platforms
such as Snowflake, Databricks, AWS Redshift, Azure Synapse, or equivalent
Technical Skills
Firm grasp of
networking protocols and operations
; comfortable with packet analysis tools such as Wireshark, Burp Suite, nmap, Nessus, and Metasploit
Knowledge of
theoretical and applied cryptography
, key management, and cryptographic algorithms (RSA, AES, TLS, PKI, etc.)
Knowledge of
Identity and Access Management (IAM)
concepts including SSO, SAML, federated identity, RBAC, and OAuth/OIDC
Strong scripting and programming skills with experience in
Python, PowerShell, Bash, Node.js
, and API/webhook development
Experience with
Infrastructure as Code (IaC)
security scanning tools (e.g., Checkov, tfsec, Prisma Cloud)
Interpersonal & Leadership
Demonstrable internal and externalrelationship-buildingskills with the ability to clearly articulate complex security concepts across a diverse corporate culture
Ability to lead in-depth workshops across a broad range of topics including
cloud compliance, AI risk, and data governance
Strong ability to influence decision-making at senior leadership levels
Other Skills
Strong interpersonal, communication, and leadership skills
A critical thinker with strong research, analytical, and problem-solving skills
Self-motivated with a positive attitude and an ability to work independently and within a team
Ability to communicate complex technical concepts to a broad range of internal and external stakeholders, including
business, legal, compliance, and technology leaders
Strong time management skills with the ability to manage multiple workstreams and mentor less experienced team members
Why Join Us?
This is a rare opportunity to shape the
cloud, AI, and data security strategy
of one of Canada's largest financial institutions at a time when these domains are converging and rapidly evolving. You will work at the forefront of emerging threats, influence enterprise-wide security standards, and collaborate with world-class teams across technology, risk, and innovation.
Salary:
$122,400.00 - $228,000.00
Pay Type:
Salaried
The above represents BMO Financial Group's pay range and type.
Salaries will vary based on factors such as location, skills, experience, education, and qualifications for the role, and may include a commission structure. Salaries for part-time roles will be pro-rated based on number of hours regularly worked. For commission roles, the salary listed above represents BMO Financial Group's expected target for the first year in this position.
BMO Financial Group's total compensation package will vary based on the pay type of the position and may include performance-based incentives, discretionary bonuses, as well as other perks and rewards. BMO also offers health insurance, tuition reimbursement, accident and life insurance, and retirement savings plans. To view more details of our benefits, please visit: https://jobs.bmo.com/global/en/Total-Rewards
About Us
At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.
As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one - for yourself and our customers. We'll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we'll help you gain valuable experience, and broaden your skillset.
To find out more visit us at https://jobs.bmo.com/us/en
BMO is proud to be an equal employment opportunity employer. We evaluate applicants without regard to race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or any other legally protected characteristics. We also consider applicants with criminal histories, consistent with applicable federal, state and local law.
BMO is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to BMOCareers.Support@bmo.com and let us know the nature of your request and your contact information.
Note to Recruiters: BMO does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to BMO, directly or indirectly, will be considered BMO property. BMO will not pay a fee for any placement resulting from the receipt of an unsolicited resume. A recruiting agency must first have a valid, written and fully executed agency agreement contract for service to submit resumes.