Int. DevOps to implement and maintain security throughout the entire SDLC for our SaaS client
S.i. Systems
Toronto, ON
- Number of positions available: 1
- Salary: To be discussed
- Permanent job
- Published on November 7th, 2024
- Starting date: 1 position to fill as soon as possible
Description
Int. DevSecOps to implement and maintain security throughout the entire SDLC for our SaaS client
Location: Mississauga (2 Days in Office)
The DevSecOps Engineer is responsible for implementing and maintaining security throughout the entire software development lifecycle, enhancing and validating the confidentiality, integrity, and availability of CLIENT’s public cloud and Kubernetes-based platform. The DevSecOps Engineer will work with the DevOps team to ensure that architecture, controls and processes are appropriate and working effectively to enforce CLIENT security policy and compliance with other relevant standards, notably SOC2 and PCI-DSS. The DevSecOps Engineer will act as a liaison between the CLIENT Security and Risk Management teams and the CLIENT Platform Engineering teams to ensure the infrastructure and application security for the CLIENT Platform.
Must Have Skills:
- Experience in public cloud is required (AWS, Azure, GCP)
- At least 3-5 years of experience in Cyber Security roles with a preference in the engineering field.
- Proficiency in Infrastructure as Code (IaC) technologies such as CloudFormation or Terraform.
- Scripting and automation skills (APIs, Python, Bash, PowerShell, Go)
- Experience in systems or network administration
- Experience working with industry standard regulations and compliance frameworks (PCI-DSS, ISO, NIST, SANS, SOX, SOC II, HIPAA)
Job Description:
· Implement security controls and best practices across CI/CD pipelines
· Perform and review vulnerability assessments (including DAST and SAST).
· Build and maintain security tools with an emphasis on automation.
· Provide architectural security guidance to product engineering teams building software applications in compliance with industry standards (PCI-DSS, NIST, CIS, OWASP) in public cloud environments
· Provide architectural security guidance to DevOps team building cloud infrastructure in compliance with industry standards (PCI-DSS, NIST, CIS, OWASP) in public cloud environments
· Collaborate with development teams to implement secure coding practices
· Review and suggest enhancements for security of software supply chain
· Act as a member of the DevOps and security teams as well as processes.
· Develop best practices and security standards for CLIENT Cloud Platform
· Work with CLIENT Risk team to support risk assessments by providing mitigations to identified risks
· Work with CLIENT Risk team to build appropriate threat models for CLIENT Cloud Platform
· Maintain CLIENT Cloud Platform risk registry
· Work with CLIENT Security team, DevOps and Platform Engineering teams to maintain vulnerability and patch management processes in line with CLIENT security policy
· Work with CLIENT Security team for incident response as necessary
· Perform security assessments of CLIENT systems, applications, and infrastructure providing written reports and recommendations for management review
· Identify and arrange for updated security training for CLIENT DevOps and Cloud Platform Engineering teams when appropriate
· Other duties as assigned