DevSecOps, level 2 - 100% remote

Hiring: DevSecOps level 2 - 100% remote

Reports to : VP of Systems Development

We are looking for a proactive DevSecOps to help secure our rapidly growing Software-as-a-Service platform. In this role youtll be responsible for integrating security practices across our requirement specification development and development operations teams ensuring our multi-tenant cloud product and infrastructure are secure scalable and compliant with industry standards. Youtll work closely with developers product owners development operations and our security team to protect customer data mitigate vulnerabilities develop secure practices and build security by design throughout the product lifecycle.

• DevSecOps Core Functions: Integrate security practices into the CI / CD pipeline to ensure secure code deployment.
• Collaborate with development operations and security teams to design and implement secure scalable and reliable systems.
• Automate security testing monitoring and compliance checks within the development lifecycle.
• Threat and Risk Assessments (TRA): Assist with or conduct regular TRAs to identify potential security risks and vulnerabilities in our data platform and applications.
• Provide actionable recommendations to mitigate identified risks and ensure compliance with industry standards (e.g. ISO 27001 NIST SOC 2 GDPR).
• Ethical Hacking and Penetration Testing: Act as an internal red team member adopting a hacker mindset to proactively poke holes in our data platform and applications.
• Perform penetration testing vulnerability assessments and exploit simulations to uncover weaknesses before malicious actors do.
• Security Incident Handling: Own the end-to-end security incident response process including detection triage containment eradication and recovery.
• Document incidents perform root cause analysis and implement preventive measures to avoid recurrence.
• Hands-On Technical Expertise: Manage and secure Kubernetes clusters including deployment scaling and monitoring of containerized workloads.
• Leverage Azure services (e.g. Azure Kubernetes Service Azure Security Center Azure Monitor) to build and maintain a secure cloud environment.
• Implement Infrastructure as Code (IaC) using tools like Terraform or Azure ARM templates with a security-first approach.
• Log Management and Monitoring: Design implement and manage centralized logging solutions to ensure comprehensive visibility into system activity.
• Analyze logs to detect anomalies investigate security events and ensure compliance with auditing requirements.
• Collaboration and Leadership: Act as a subject matter expert on security best practices mentoring team members and promoting a security-conscious culture.
• Work closely with stakeholders to align security initiatives with business objectives.
• Continuous Improvement: Research and identify tools and practices to improve our security stance.
• Participate in tabletop exercises related to process development and improvement. Review implement and improve security practices around the software development lifecycle.

• 5 years or equivalent of experience in DevOps SecOps or related roles including exposure to both on-premise and cloud deployments.
• Proven experience conducting Threat and Risk Assessments (TRA) and penetration testing.
• Experience with securing data platforms and distributed data systems.
• Hands-on experience managing Kubernetes in production environments.
• Strong working knowledge of Azure cloud services and security tools.
• Proficiency with CI / CD tools (e.g. Jenkins GitLab CI / CD Azure DevOps).
• Expertise in container security and orchestration (Kubernetes Docker).
• Familiarity with scripting languages (e.g. Python Bash PowerShell) for automation.
• Experience with log management and monitoring tools (e.g. Azure Log Analytics Loki ELK SIEMS).
• Demonstrated awareness of established security standards and structures such as ISO 27001 NIST 800 MITRE ATTCCK.
• Strong knowledge in networking and administration of Windows and Linux operating systems.
• Strong knowledge in Azure or other public cloud technologies.
• Strong problem-solving skills with a proactive and hacker-like mindset.
• Ability to communicate effectively in-person and remote both in verbal and written presentations and reports.
• Demonstrated commitment and passion in cybersecurity and privacy including willingness to push through adversity.
• Willingness to undergo and pass both initial and annual background checks including Ontario CRJM

• Experience in security-related practices around the software development lifecycle including secure coding CI / CD release management
• Familiarity with compliance requirements specific to our industry (e.g. GDPR HIPAA PCI- DSS).
• Experience in handling security-sensitive IT functions such as securing endpoints vendor management asset tracking
• Experience in operating or implementing institutional certifications such as SOC 2 ISO 27000

• Certified in one or more recognized industry cybersecurity standards such as CompTIA Security CISSP CEH etc.
• Certification in Azure or other cloud technologies
• Certification or training in specific cybersecurity skills such as digital forensics event analysis open source intelligence ethical hacking
• Bachelors degree in computer science software engineering cybersecurity or related fields; or equivalent

Employment Type : Full-Time

Experience : years

Vacancy : 1