DevSecOps Engineer

Location: Brampton- In office role
Department: IT / Engineering
Reports To: Head of IT

About Pillway:
Pillway is a modern digital pharmacy transforming the way patients manage their medications. We combine advanced technology, innovative delivery services, and patient-first care to simplify pharmacy experiences across Canada. As part of our mission to redefine pharmacy, we are expanding our technology team to ensure security, scalability, and reliability at every level.
Role Overview
We are seeking a skilled DevSecOps Engineer to join our growing team. This role will be responsible for embedding security into every phase of the software development lifecycle, ensuring compliance with healthcare regulations, and strengthening our cloud infrastructure. The ideal candidate has strong expertise in cloud security (preferably Azure), CI/CD pipelines, and DevOps automation, with a passion for enabling secure innovation in a fast-paced healthcare environment.
Key Responsibilities

Security Integration: Implement security best practices and controls across CI/CD pipelines, infrastructure, and applications.

Cloud Security: Manage and enhance security posture in Azure cloud environments, including identity, network, and application layers.

Compliance: Ensure infrastructure and deployments meet healthcare regulatory requirements (PHIPA, PIPEDA, SOC 2).

Infrastructure as Code (IaC): Build and maintain secure, automated infrastructure using tools such as Terraform, Ansible, or Bicep.

Monitoring & Incident Response: Deploy and manage security monitoring, logging, and alerting systems (SIEM, IDS/IPS, vulnerability scanning).

Collaboration: Work closely with development, QA, and operations teams to integrate security controls into pipelines and processes.

Automation: Enhance DevOps practices with automated testing, policy enforcement, and configuration management.

Continuous Improvement: Conduct regular threat modelling, risk assessments, and penetration testing.

Qualifications

Bachelor’s degree in Computer Science, Engineering, or a related field (or equivalent experience).

4+ years of experience in DevOps or security engineering, with at least 2 years in a DevSecOps role.

Hands-on experience with Azure cloud services, security policies, and monitoring tools.

Proficiency with CI/CD pipelines (Azure DevOps, GitHub Actions, Jenkins, or similar).

Strong knowledge of containerization and orchestration (Docker, Kubernetes).

Experience with IaC tools such as Terraform, ARM, Bicep, or Ansible.

Knowledge of security frameworks and standards (NIST, CIS Benchmarks, OWASP).

Familiarity with compliance in healthcare environments is a strong asset.

Excellent communication and collaboration skills.

Nice to Have

Certifications such as AZ-500 (Azure Security Engineer), CISSP, CISM, or DevSecOps-specific certifications.

Experience with secrets management (Vault, Azure Key Vault).

Familiarity with generative AI security and modern automation tools.

What We Offer

Competitive compensation package.

Comprehensive health and dental benefits.

Flexible hybrid/remote work options.

Opportunity to make a real impact on healthcare innovation in Canada.

A collaborative, fast-paced environment where new ideas are valued