Lead Security / DevSecOps Engineer

Remote: Full Remote

Offer summary

Qualifications:

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • 5+ years of experience in security engineering and DevSecOps practices.
  • Strong knowledge of cloud environments, particularly AWS and Kubernetes.
  • Experience with security compliance frameworks such as SOC 2, PCI DSS, and ISO 27001.

Key responsibilities:

  • Design and implement security controls across CI/CD pipelines and infrastructure.
  • Monitor and respond to security incidents and threats in real-time.
  • Lead compliance efforts and conduct regular security risk assessments.
  • Provide security training and foster a security-first culture within the technology team.

Berkeley Payments
11 - 50 Employees

Job description

This is a remote position.

About Us:

Berkeley Payments is a leading payment technology provider specializing in innovative solutions for businesses to manage and process payments seamlessly. We pride ourselves on offering cutting-edge financial technology to our clients, empowering businesses to streamline operations and improve their payment processes.


Role Overview

The Lead Security / DevSecOps Engineer will be responsible for strengthening and maintaining the company’s security posture through the implementation of secure development practices, infrastructure security controls, and DevSecOps principles. This hands-on role bridges the gap between software engineering, operations, and cybersecurity—ensuring security is integrated across the entire development lifecycle.

As a critical member of the internal Technology team, this individual will lead initiatives related to secure CI/CD pipelines, cloud infrastructure hardening, automated threat detection, and compliance enforcement. The role will involve direct collaboration with engineering, DevOps, and product teams, driving a security-first culture across all technology domains.



Requirements
Key Responsibilities
1. Security Engineering and DevSecOps Implementation
  • Design and implement security controls across CI/CD pipelines, infrastructure as code (IaC), and deployment workflows.

  • Integrate security testing into automated development workflows (e.g., SAST, DAST, dependency scanning).

  • Harden cloud-native and containerized environments (e.g., AWS, EKS/Kubernetes).

  • Champion least-privilege access, secrets management, and secure credential handling.

  • Build tooling to automate common security and compliance tasks.

  • Manage and automate certificate renewals (e.g., SSL/TLS) to ensure secure connectivity across internal and external services.

  • Enforce and maintain Content Security Policies (CSP) for all frontend portals to mitigate cross-site scripting (XSS) and other client-side attacks.


2. Real-Time Security Monitoring and Incident Response
  • Configure and maintain detection and response tooling, including Elastic SIEM, Datadog, AWS GuardDuty, and Security Hub.

  • Develop playbooks for identifying, responding to, and remediating active threats.

  • Set up alerting mechanisms for anomaly detection, unauthorized access, and misconfigurations.

  • Monitor and respond to cloud-based threat intelligence feeds and logs.

3. Governance, Risk, and Compliance (GRC)
  • Support and lead efforts toward obtaining and maintaining compliance certifications such as SOC 2 Type I/II, PCI DSS, and ISO 27001.

  • Implement automated compliance controls and evidence collection processes within CI/CD and infrastructure.

  • Conduct regular security risk assessments, gap analyses, and internal audits.

  • Partner with compliance, legal, and external auditors to ensure adherence to frameworks including SOC 2 Type I/II, PCI DSS, and ISO 27001.

  • Oversee third-party and vendor security risk evaluations as part of compliance obligations.

  • Maintain documentation and controls required for audit readiness and certification renewals.

4. Secure Architecture and Infrastructure Reviews
  • Conduct threat modeling and architecture reviews for infrastructure changes and new features.

  • Define and enforce baseline configurations for infrastructure security (e.g., hardened AMIs, security groups).

  • Partner with Engineering and DevOps teams to review design decisions from a security perspective.

5. Security Culture and Enablement
  • Provide security training and awareness sessions for engineering and product teams.

  • Foster a DevSecOps mindset, embedding security into early stages of the development lifecycle.

  • Lead post-mortems and lessons learned following security incidents or near misses.

6. Documentation and Knowledge Sharing
  • Maintain comprehensive documentation for security policies, procedures, and tooling.

  • Create a knowledge base to streamline internal adoption and incident response.

  • Track metrics and KPIs related to security posture improvements and engineering enablement.


Required profile

Experience

Spoken language(s):
English

Other Skills

  • Training And Development
  • Collaboration
