Lead Security / Senior DevSecOps Engineer (CANADA only)

Work set-up: Full Remote

Berkeley Payments
11 - 50 Employees

Job description

This is a remote position.

About Us: 

Berkeley Payments is a leading payment technology provider specializing in innovative solutions for businesses to manage and process payments seamlessly. We pride ourselves on offering cutting-edge financial technology to our clients, empowering businesses to streamline operations and improve their payment processes. 

Role Overview

Candidates must be located in Canada for this role.

The Lead Security / DevSecOps Engineer will be responsible for strengthening and maintaining the company's security posture through the implementation of secure development practices, infrastructure security controls, and DevSecOps principles. This hands-on role bridges the gap between software engineering, operations, and cybersecurity, ensuring security is integrated across the entire development lifecycle.

As a critical member of the Technology team (internally), this individual will lead initiatives related to secure CI/CD pipelines, cloud infrastructure hardening, automated threat detection, and compliance enforcement. The role will involve direct collaboration with engineering, DevOps, and product teams, driving a security-first culture across all technology domains.

Requirements

1. Security Engineering & DevSecOps Implementation

  • Design and implement end-to-end security controls across CI/CD pipelines, Infrastructure as Code (IaC), and deployment workflows using tools such as Terraform and ArgoCD.

  • Integrate automated security scanning tools (SAST, DAST, and dependency scanning) into CI/CD workflows to detect vulnerabilities early.

  • Harden containerized and cloud-native environments across AWS, EKS/Kubernetes, and Docker by applying best-practice configurations and access policies.

  • Champion least-privilege access, enforce strong secrets management, and secure credential handling via tools like AWS IAM and HashiCorp Vault.

  • Build and maintain internal tooling to automate routine security and compliance tasks.

  • Automate and manage SSL/TLS certificate renewals, ensuring secure connectivity across services.

  • Enforce and audit Content Security Policies (CSP) across web-facing applications to mitigate cross-site scripting (XSS) and other client-side threats.

2. Real-Time Security Monitoring & Incident Response

  • Deploy and manage security monitoring tools such as Elastic Stack SIEM, AWS GuardDuty, Datadog, and AWS Security Hub to detect and respond to threats.

  • Develop, maintain, and execute incident response playbooks for quick remediation of vulnerabilities or attacks.

  • Configure real-time alerting mechanisms for unauthorized access attempts, configuration drift, and anomalous behavior.

  • Continuously analyze logs and telemetry from Grafana, Loki, and Prometheus, integrating insights into proactive defense strategies.

  • Ingest and act on threat intelligence from AWS and external security feeds.

3. Governance, Risk, & Compliance (GRC)

  • Lead and support security compliance efforts, including SOC 2 Type I/II, PCI DSS, and ISO 27001.

  • Implement automated compliance enforcement and evidence collection within CI/CD and cloud infrastructure.

  • Perform routine security risk assessments, gap analyses, and internal security audits.

  • Collaborate with legal, compliance, and auditing stakeholders to ensure framework alignment and audit readiness.

  • Conduct and oversee vendor and third-party risk assessments and integrate findings into vendor management processes.

  • Maintain centralized documentation for compliance frameworks, control implementations, and audit activities.

4. Secure Architecture & Infrastructure Reviews

  • Lead threat modeling and architecture reviews for new services, infrastructure components, and feature rollouts.

  • Define, enforce, and validate baseline security configurations (e.g., hardened AMIs, Kubernetes security policies, AWS security groups).

  • Collaborate with DevOps and Engineering teams to ensure secure design and configuration of services.

  • Conduct security reviews and performance tuning for AWS RDS MySQL and PostgreSQL databases, including backup, encryption, and access policies.

5. Senior DevOps Engineering & Platform Reliability

  • Manage scalable, resilient infrastructure on AWS, including automation of deployments via Terraform, ArgoCD, and EKS.

  • Build and maintain high-throughput, secure CI/CD pipelines using GitHub Actions, enabling fast, repeatable, and traceable releases.

  • Operate and optimize Kubernetes-based environments, ensuring application health, container security, and deployment resilience.

  • Oversee monitoring and serviceability using the Grafana, Loki, and Prometheus stack to provide real-time visibility into system performance, error rates, and operational trends.

  • Manage database infrastructure, ensuring availability, access control, and security of AWS RDS MySQL and PostgreSQL instances.

  • Implement and monitor service-level objectives (SLOs), SLAs, and error budgets in collaboration with product and engineering.

6. Security Culture & Engineering Enablement

  • Conduct targeted security training and awareness sessions tailored to engineers, product managers, and DevOps teams.

  • Embed a DevSecOps-first mindset, ensuring security considerations are addressed from ideation to deployment.

  • Facilitate and document post-incident reviews, capturing lessons learned and driving remediation actions.

  • Mentor team members on security practices, cloud infrastructure, and serviceability tooling.

7. Documentation & Knowledge Sharing

  • Maintain detailed and accessible documentation for security standards, tooling, infrastructure configuration, and response procedures.

  • Build and curate a security and DevOps knowledge base to support internal enablement and reduce onboarding time.

  • Track and report on key performance indicators (KPIs) and metrics related to system security, infrastructure reliability, and compliance maturity.



Required profile

Spoken language(s): English

Other Skills

  • Collaboration
  • Communication
  • Problem Solving
