DevSecOps, level 2
1 week ago
Reports to: VP of Systems Development
We are looking for a proactive DevSecOps to help secure our rapidly growing Software-as-a-Service platform. In this role, you'll be responsible for integrating security practices across our requirement specification, development and development operations teams, ensuring our multi-tenant cloud product and infrastructure are secure, scalable, and compliant with industry standards. You'll work closely with developers, product owners, development operations, and our security team to protect customer data, mitigate vulnerabilities, develop secure practices, and build "security by design" throughout the product lifecycle.
Key Responsibilities
- DevSecOps Core Functions:
- Integrate security practices into the CI/CD pipeline to ensure secure code deployment.
- Collaborate with development, operations, and security teams to design and implement secure, scalable, and reliable systems.
- Automate security testing, monitoring, and compliance checks within the development lifecycle.
- Threat and Risk Assessments (TRA):
- Assist with or conduct regular TRAs to identify potential security risks and vulnerabilities in our data platform and applications.
- Provide actionable recommendations to mitigate identified risks and ensure compliance with industry standards (e.g., ISO 27001, NIST, SOC 2, GDPR).
- Ethical Hacking and Penetration Testing:
- Act as an internal "red team" member, adopting a hacker mindset to proactively poke holes in our data platform and applications.
- Perform penetration testing, vulnerability assessments, and exploit simulations to uncover weaknesses before malicious actors do.
- Security Incident Handling:
- Own the end-to-end security incident response process, including detection, triage, containment, eradication, and recovery.
- Document incidents, perform root cause analysis, and implement preventive measures to avoid recurrence.
- Hands-On Technical Expertise:
- Manage and secure Kubernetes clusters, including deployment, scaling, and monitoring of containerized workloads.
- Leverage Azure services (e.g., Azure Kubernetes Service, Azure Security Center, Azure Monitor) to build and maintain a secure cloud environment.
- Implement Infrastructure as Code (IaC) using tools like Terraform or Azure ARM templates with a security-first approach.
- Log Management and Monitoring:
- Design, implement, and manage centralized logging solutions to ensure comprehensive visibility into system activity.
- Analyze logs to detect anomalies, investigate security events, and ensure compliance with auditing requirements.
- Collaboration and Leadership:
- Act as a subject matter expert on security best practices, mentoring team members and promoting a security-conscious culture.
- Work closely with stakeholders to align security initiatives with business objectives.
- Continuous Improvement:
- Research and identify tools and practices to improve our security stance.
- Participate in tabletop exercises related to process development and improvement. Review, implement and improve security practices around the software development lifecycle.
- 5+ years or equivalent of experience in DevOps, SecOps, or related roles, including exposure to both on-premise and cloud deployments.
- Proven experience conducting Threat and Risk Assessments (TRA) and penetration testing.
- Experience with securing data platforms and distributed data systems.
- Hands-on experience managing Kubernetes in production environments.
- Strong working knowledge of Azure cloud services and security tools.
- Proficiency with CI/CD tools (e.g., Jenkins, GitLab CI/CD, Azure DevOps).
- Expertise in container security and orchestration (Kubernetes, Docker).
- Familiarity with scripting languages (e.g., Python, Bash, PowerShell) for automation.
- Experience with log management and monitoring tools (e.g., Azure Log Analytics, Loki, ELK, SIEMS).
- Demonstrated awareness of established security standards and structures such as ISO 27001, NIST 800, MITRE ATTCCK.
- Strong knowledge in networking and administration of Windows and Linux operating systems.
- Strong knowledge in Azure or other public cloud technologies.
- Strong problem-solving skills with a proactive and hacker-like mindset.
- Ability to communicate effectively in-person and remote, both in verbal and written presentations and reports.
- Demonstrated commitment and passion in cybersecurity and privacy, including willingness to push through adversity.
- Willingness to undergo and pass both initial and annual background checks, including Ontario CRJM
- Experience in security-related practices around the software development lifecycle, including secure coding, CI/CD, release management
- Familiarity with compliance requirements specific to our industry (e.g., GDPR, HIPAA, PCI- DSS).
- Experience in handling security-sensitive IT functions such as securing endpoints, vendor management, asset tracking
- Experience in operating or implementing institutional certifications such as SOC 2, ISO 27000
- Certified in one or more recognized industry cybersecurity standards such as CompTIA Security+, CISSP, CEH, etc.
- Certification in Azure or other cloud technologies
- Certification or training in specific cybersecurity skills such as digital forensics, event analysis, open source intelligence, ethical hacking
- Bachelor's degree in computer science, software engineering, cybersecurity, or related fields; or equivalent
-
DevSecOps Engineer
7 days ago
Toronto, Ontario, Canada Extreme Networks Full time $120,000 - $180,000 per yearWe are seeking a highly experiencedDevSecOps Engineerto lead and support our enterprise security, compliance, and risk management initiatives. This individual will play a key role in designing, implementing, and maintaining controls aligned with global compliance frameworks includingISO 27001, SOC 2, and NIST . The ideal candidate has a deep understanding of...
-
DevSecOps Security Analyst
3 days ago
Toronto, Ontario, Canada Collabera Full time $100,000 - $110,000 per yearTitle:DevSecOps Security AnalystType (Contract, C2H, Perm):Contract - 6 months, possible extensionLocation:Toronto, ON in office on Tuesday's and every 2nd Friday (5x per month)Shift/Core Hours:37.5Compensation:$50-$55/hourInterview Process:2 Rounds (1- Virtual and 1-Inperson)Day to day responsibilities:Work with various development teamsWorking with...
-
DevSecOps Engineer
2 weeks ago
Toronto, Ontario, Canada OceanMD Full time $120,000 - $180,000 per yearJoin us as we change healthcare for the better. OceanMD, a WELLSTAR Company, is the leading provider of EMR-integrated Patient Engagement and eReferral tools in Canada, playing a critical role in millions of patient visits and thousands of referrals every week. Our digital healthcare solutions empower patients and physicians to overcome the barriers...
-
Toronto, Ontario, Canada -bb75-4638-90cb-1494b11cccab Full time $114,000 - $154,000 per yearWork Location:Toronto, Ontario, CanadaHours37.5Line Of BusinessTechnology SolutionsPay Details$114,000 - $154,000 CADThe pay details posted reflect a temporary market premium specific to this role that is reassessed annually.TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill...
-
Toronto, Ontario, Canada TD Full time $114,000 - $154,000Work Location:Toronto, Ontario, CanadaHours:37.5Line of Business:Technology SolutionsPay Details:$114,000 - $154,000 CADThe pay details posted reflect a temporary market premium specific to this role that is reassessed annually.TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill...
-
Staff Engineer –DevSecOps
2 days ago
Toronto, Ontario, Canada Extreme Networks Full time $110,000 - $130,000 per yearOver 50,000 customers globally trust our end-to-end, cloud-driven networking solutions. They rely on our top-rated services and support to accelerate their digital transformation efforts and deliver unprecedented progress. With double-digit growth year over year, no provider is better positioned to deliver scalable outcomes than Extreme.Inclusion is one of...
-
Staff Engineer –DevSecOps
1 week ago
Toronto, Ontario, Canada Extreme Networks Full time $104,500 - $130,000 per yearOver 50,000 customers globally trust our end-to-end, cloud-driven networking solutions. They rely on our top-rated services and support to accelerate their digital transformation efforts and deliver unprecedented progress. With double-digit growth year over year, no provider is better positioned to deliver scalable outcomes than Extreme. Inclusion is one of...
-
DevSecOps Manager
2 weeks ago
Toronto, Ontario, Canada Wind River Full time $120,000 - $250,000 per yearDescriptionPosition at Wind RiverAbout Wind RiverWind River is a global leader in delivering software for mission-critical intelligent systems. For more than four decades, the company has been an innovator and pioneer, powering billions of systems that require the highest levels of security, safety, and reliability.Wind River helps customers across...
-
Level 2 IT Support Engineer
1 week ago
Toronto, Ontario, Canada Soft2Bet Full time $60,000 - $80,000 per yearWe are looking for a Level 2 IT Support Engineer (NOC Engineer) for our team in Canada. Requirements:1+ years of experience in IT;Experience working with logging, monitoring and alerting tools (e.g. ELK stack, Grafana, PagerDuty, DataDog, Prometheus, Coralogix);Ability to perform log level analysis;Strong troubleshooting skills;Willingness to work in a...
-
Principal AI DevSecOps Engineer
2 days ago
Toronto, Ontario, Canada Royal Bank of Canada Full time $130,000 - $220,000 per yearJob DescriptionWhat's the opportunity?At RBC, you'll be joining a team of leading platform engineers and security specialists focused on implementing and optimizing our enterprise GenAI platform infrastructure. You will have access to cutting-edge GPU technologies, multi-cloud environments, and the computational resources to support novel AI/ML workload...
