Senior DevSecOps Engineer

About Us: Balsam Brands is a global, eCommerce retailer with roots in holiday and home décor. We strive for excellence in everything we do and present a unique opportunity for those seeking to have a meaningful impact in a people-first company that values relationship building, authenticity, and doing the right thing.

The company's mission is to create joy together. We empower our team and partners to love what they do, provide products and experiences that inspire meaningful moments with family and friends, and give back to our families and communities in impactful ways. When you join Balsam Brands, you'll find a culture of caring people doing challenging work and building a welcoming workplace.

• Check out our flagship brand, Balsam Hill: www.balsamhill.com
• Balsam Brands in Forbes: https://bit.ly/balsambrandsforbes2023 
• LinkedIn: http://www.linkedin.com/company/balsam-brands/
• Glassdoor: https://bit.ly/balsambrands-glassdoor

Ready to be a part of the joy? Explore more about the Senior DevSecOps Engineer role below and apply today!

As a Senior DevSecOps Engineer you will be contributing to the overall design and direction of eCommerce Security Engineering across all our applications. This role is responsible for building platforms and frameworks to create consistent, verifiable, and automate management of applications and infrastructure between non-production and production environments. Guiding a team of DevOps Engineers, you will drive the design and automation of processes to support the CI/CD of digital technology, enterprise systems, microservices applications, and database services. You will also provide guidance or implement mitigation to address discovered abuse patterns using modern security tools and work with developers and performance engineers to help secure the solution.

This role is critical for developing and maintaining the security posture of digital commerce applications. You will be responsible for identifying and implementing security principles and best practices to ensure application security. Your tasks will include vulnerability scanning, creating processes for analyzing web traffic to identify abuse patterns, and addressing the impact of non-human HTTP traffic on performance and security by applying blocks, rate limits, tarpits, or other remediation methods.

This full-time position reports to the Director of Quality Assurance and has been categorized as a teleworker position. Teleworkers do not have a permanent corporate office workplace and, instead, work from home. To ensure sufficient overlap with functional and cross-functional team members globally, some flexibility with this role's regular work schedule will be required. Most of our teams have overlap with early morning and/or early evening PST. Specific scheduling needs for this role will be discussed in the initial interview.

What you’ll do:

• Provide guidance to a small team, defining tasks aligned with common goals, and fosters the professional development of team members through active discussion, feedback, coaching, and mentorship 
• Ensure direct and regular engagement with product/software development and infrastructure teams to achieve security compliance and security requirements within the organization
• Identify and address data security issues, provide secure coding guidance, assess vulnerabilities, and ensure regulatory compliance (PCI-DSS, HITRUST, NIST, SOX, SOC). Provide security guidance on infrastructural designs and organize numerous risk assessments to identify and eliminate application/product threats
• Automate software maintenance for CI/CD pipeline applications like Jenkins and SonarQube
• Implement and maintain cloud-based solutions on public cloud
• Partner with software engineers and QA team to automate and streamline our operations and processes
• Stay up-to-date on the latest DevSecOps trends and technologies and propose new solutions for continuous improvement

What you bring to the table:

• Minimum of four (4) years relevant experience in designing and building frameworks and tools  
• Experience in the design and implementation of fully automated Continuous Integration, Continuous Delivery, Continuous Deployment pipelines and DevOps processes for Agile projects
• Knowledge of IP networking, VPN's, DNS, load balancing and firewalls
• Experience with monitoring and log aggregating frameworks such as Kafka, Logstash, Splunk, ElastiSearch, NewRelic, and Kibana
• Experience implementing and designing cloud-native security concepts, DevSecOps or MLOps
• AWS/Azure Certification(s) such as Solutions Architect Pro, DevOps Engineer Pro, SysOps Admin, Developer Associate
• Experience in systems automation, orchestration, deployment, and implementation, as well as experience with scaling distributed data systems
• Hands-on experience with microservices and distributed application architecture, such as containers, Kubernetes, and/or serverless technology
• Ability to work with offshore teams & development partners

Travel for remote team members: At Balsam Brands, we believe that time spent together, in-person, collaborating and building relationships is important to who we are. For our newest remote Brandits, we will arrange travel to one of our local offices within your first three months of employment so you can meet and train with your new team in-person. You may also get to travel an additional 1 – 2 times a year for events such as team retreats, offsites, or learning and development opportunities.

Notes: This is a full-time, permanent position with benefits. Please only apply if you are able to live and work full-time in Essex County, Canada. Locations and specifics are subject to change as our hiring requirements shift. 

At Balsam Brands, we strive to offer a competitive compensation and benefits package. For permanent, full-time team members, our current package includes:

• Competitive compensation, including a cash-based incentive plan; salary is reviewed yearly and may be adjusted as part of the normal compensation review process
• Comprehensive Medical, Dental, and Vision coverage
• Generous parental leave program and flexible return options
• Company-paid life and AD&D insurance
• Company-paid short and long-term disability insurance
• Retirement savings plan with dollar-for-dollar company match up to $4,000 CAD per calendar year
• Employee Assistance Program (EAP) and other mental health and wellness perks
• Paid holidays, annual shutdown week, PTO, and volunteer time-off (VTO) packages
• Paid 5-week sabbatical leave after 10 years of employment
• Annual continuous learning benefit up to $1,2800 CAD per person per fiscal year
• Up to $300 flexible reimbursement to support setup of new team member's work-from-home environment
• Generous team member merchandise discount

The base pay range for this position is: $93,000 CAD to $116,000 CAD. Where an individual falls within that range will vary based on several factors including geographic location and may vary depending on candidate qualifications and experience, applicable skills, and other job-related factors. We benchmark our pay ranges against current external data sources and regularly review compensation for our team members. Balsam Brands is committed to providing our team members with an internally fair, externally competitive, and fiscally prudent total compensation package administered in a simple and consistent manner.

At Balsam Brands, we strive to build a diverse, equitable, and inclusive team to fulfill our purpose to create joy together. Balsam Brands is proud to be an equal opportunity employer. We encourage people from all backgrounds, ages, abilities, and experiences to apply. We do not discriminate on the basis of race, ethnicity, religion, national origin, citizenship, marital or family status, disability, sexual orientation, gender identity or expression, pregnancy or caregiver status, veteran status, or any other legally protected status. We will ensure that individuals with disabilities are provided reasonable accommodations to participate in the job application and interview process, to perform essential job functions, and to receive other benefits and privileges of employment.

All your information will be kept confidential according to EEO guidelines.