Lead Security / Senior DevSecOps Engineer (CANADA only)

This is a remote position.

Requirements

1. Security Engineering & DevSecOps Implementation

• Design and implement end-to-end security controls across CI/CD pipelines, Infrastructure as Code (IaC), and deployment workflows using tools such as Terraform and ArgoCD.
  

• Integrate automated security scanning tools (SAST, DAST, and dependency scanning) into CI/CD workflows to detect vulnerabilities early.
  

• Harden containerized and cloud-native environments across AWS, EKS/Kubernetes, and Docker by applying best-practice configurations and access policies.
  

• Champion least-privilege access, enforce strong secrets management, and secure credential handling via tools like AWS IAM and HashiCorp Vault.
  

• Build and maintain internal tooling to automate routine security and compliance tasks.
  

• Automate and manage SSL/TLS certificate renewals, ensuring secure connectivity across services.
  

• Enforce and audit Content Security Policies (CSP) across web-facing applications to mitigate cross-site scripting (XSS) and other client-side threats.
  

2. Real-Time Security Monitoring & Incident Response

• Deploy and manage security monitoring tools such as ElasticStack SIEM, AWS GuardDuty, Datadog, and AWS Security Hub to detect and respond to threats.
  

• Develop, maintain, and execute incident response playbooks for quick remediation of vulnerabilities or attacks.
  

• Configure real-time alerting mechanisms for unauthorized access attempts, configuration drift, and anomalous behavior.
  

• Continuously analyze logs and telemetry from Grafana, Loki, and Prometheus, integrating insights into proactive defense strategies.
  

• Ingest and act on threat intelligence from AWS and external security feeds.
  

3. Governance, Risk, & Compliance (GRC)

• Lead and support security compliance efforts, including SOC 2 Type I/II, PCI DSS, and ISO 27001.
  

• Implement automated compliance enforcement and evidence collection within CI/CD and cloud infrastructure.
  

• Perform routine security risk assessments, gap analyses, and internal security audits.
  

• Collaborate with legal, compliance, and auditing stakeholders to ensure framework alignment and audit readiness.
  

• Conduct and oversee vendor and third-party risk assessments and integrate findings into vendor management processes.
  

• Maintain centralized documentation for compliance frameworks, control implementations, and audit activities.
  

4. Secure Architecture & Infrastructure Reviews

• Lead threat modeling and architecture reviews for new services, infrastructure components, and feature rollouts.
  

• Define, enforce, and validate baseline security configurations (e.g., hardened AMIs, Kubernetes security policies, AWS security groups).
  

• Collaborate with DevOps and Engineering teams to ensure secure design and configuration of services.
  

• Conduct security reviews and performance tuning for AWS RDS MySQL and PostgreSQL databases, including backup, encryption, and access policies.
  

5. Senior DevOps Engineering & Platform Reliability

• Manage scalable, resilient infrastructure on AWS, including automation of deployments via Terraform, ArgoCD and EKS.
  

• Build and maintain high-throughput, secure CI/CD pipelines using GitHub Actions, enabling fast, repeatable, and traceable releases.
  

• Operate and optimize Kubernetes-based environments, ensuring application health, container security, and deployment resilience.
  

• Oversee monitoring and serviceability using the Grafana–Loki–Prometheus stack to provide real-time visibility into systems performance, error rates, and operational trends.
  

• Manage database infrastructure, ensuring availability, access control, and security of AWS RDS MySQL and PostgreSQL instances.
  

• Implement and monitor service-level objectives (SLOs), SLAs, and error budgets in collaboration with product and engineering.
  

6. Security Culture & Engineering Enablement

• Conduct targeted security training and awareness sessions tailored to engineers, product managers, and DevOps teams.
  

• Embed a DevSecOps-first mindset, ensuring security considerations are addressed from ideation to deployment.
  

• Facilitate and document post-incident reviews, capturing lessons learned and driving remediation actions.
  

• Mentor team members on security practices, cloud infrastructure, and serviceability tooling.
  

7. Documentation & Knowledge Sharing

• Maintain detailed and accessible documentation for security standards, tooling, infrastructure configuration, and response procedures.
  

• Build and curate a security and DevOps knowledge base to support internal enablement and reduce onboarding time.
  

• Track and report on key performance indicators (KPIs) and metrics related to system security, infrastructure reliability, and compliance maturity.