Job Description

Hiring: DevSecOps, level 2 - 100% remote Reports to : VP of Systems Development We are looking for a proactive DevSecOps to help secure our rapidly growing Software-as-a-Service platform. In this role, you’ll be responsible for integrating security practices across our requirement specification, development and development operations teams, ensuring our multi-tenant cloud product and infrastructure are secure, scalable, and compliant with industry standards. You’ll work closely with developers, product owners, development operations, and our security team to protect customer data, mitigate vulnerabilities, develop secure practices, and build “security by design” throughout the product lifecycle. Key Responsibilities DevSecOps Core Functions: Integrate security practices into the CI/CD pipeline to ensure secure code deployment. Collaborate with development, operations, and security teams to design and implement secure, scalable, and reliable systems. Automate security testing, monitoring, and compliance checks within the development lifecycle. Threat and Risk Assessments (TRA): Assist with or conduct regular TRAs to identify potential security risks and vulnerabilities in our data platform and applications. Provide actionable recommendations to mitigate identified risks and ensure compliance with industry standards (e.g., ISO 27001, NIST, SOC 2, GDPR). Ethical Hacking and Penetration Testing: Act as an internal "red team" member, adopting a hacker mindset to proactively poke holes in our data platform and applications. Perform penetration testing, vulnerability assessments, and exploit simulations to uncover weaknesses before malicious actors do. Security Incident Handling: Own the end-to-end security incident response process, including detection, triage, containment, eradication, and recovery. Document incidents, perform root cause analysis, and implement preventive measures to avoid recurrence. Hands-On Technical Expertise: Manage and secure Kubernetes clusters, including deployment, scaling, and monitoring of containerized workloads. Leverage Azure services (e.g., Azure Kubernetes Service, Azure Security Center, Azure Monitor) to build and maintain a secure cloud environment. Implement Infrastructure as Code (IaC) using tools like Terraform or Azure ARM templates with a security-first approach. Log Management and Monitoring: Design, implement, and manage centralized logging solutions to ensure comprehensive visibility into system activity. Analyze logs to detect anomalies, investigate security events, and ensure compliance with auditing requirements. Collaboration and Leadership: Act as a subject matter expert on security best practices, mentoring team members and promoting a security-conscious culture. Work closely with stakeholders to align security initiatives with business objectives. Continuous Improvement: Research and identify tools and practices to improve our security stance. Participate in tabletop exercises related to process development and improvement. Review, implement and improve security practices around the software development lifecycle. Qualifications and Desired Skills 5+ years or equivalent of experience in DevOps, SecOps, or related roles, including exposure to both on-premise and cloud deployments. Proven experience conducting Threat and Risk Assessments (TRA) and penetration testing. Experience with securing data platforms and distributed data systems. Hands-on experience managing Kubernetes in production environments. Strong working knowledge of Azure cloud services and security tools. Proficiency with CI/CD tools (e.g., Jenkins, GitLab CI/CD, Azure DevOps). Expertise in container security and orchestration (Kubernetes, Docker). Familiarity with scripting languages (e.g., Python, Bash, PowerShell) for automation. Experience with log management and monitoring tools (e.g., Azure Log Analytics, Loki, ELK, SIEMS). Demonstrated awareness of established security standards and structures such as ISO 27001, NIST 800, MITRE ATTCCK. Strong knowledge in networking and administration of Windows and Linux operating systems. Strong knowledge in Azure or other public cloud technologies. Strong problem-solving skills with a proactive and hacker-like mindset. Ability to communicate effectively in-person and remote, both in verbal and written presentations and reports. Demonstrated commitment and passion in cybersecurity and privacy, including willingness to push through adversity. Willingness to undergo and pass both initial and annual background checks, including Ontario CRJM Optional Qualifications Experience in security-related practices around the software development lifecycle, including secure coding, CI/CD, release management Familiarity with compliance requirements specific to our industry (e.g., GDPR, HIPAA, PCI- DSS). Experience in handling security-sensitive IT functions such as securing endpoints, vendor management, asset tracking Experience in operating or implementing institutional certifications such as SOC 2, ISO 27000 Certification (Preferred) Certified in one or more recognized industry cybersecurity standards such as CompTIA Security+, CISSP, CEH, etc. Certification in Azure or other cloud technologies Certification or training in specific cybersecurity skills such as digital forensics, event analysis, open source intelligence, ethical hacking Bachelor’s degree in computer science, software engineering, cybersecurity, or related fields; or equivalent

Job Tags

Remote job,

Similar Jobs