Senior DevSecOps Engineer

Company: Opentrust Consulting Inc

Location: Toronto, ON M4E 3Y1

Description:

15th August, 2024

Title: Senior DevSecOps Engineer

Location: Toronto, ON (Hybrid 1-2 days per week, very flexible)

Term: 6-12 months

Must Have:
  • Architecture - Infrastructure as Code
  • Configuring AWS/Azure Cloud into MS Sentinel


Objectives for this role:
- The client does not have any CICD pipelines; they need to embed their security functions, automate processes and build a pipeline from scratch. (Need to understand the security findings that come out of the pipeline scans.)
- They are pushing for Infrastructure as Code using Terraform and GitHub. Need someone who truly understands Terraform and Terraform scripting (understands why x port should not be open or why Z encryption protocol is not supported, etc.).
- Re-evaluate the AWS platform; they are not happy with the current setup/configurations and want to transfer everything to Azure and MS Sentinel. (Deep understanding of the platforms, help set up alerting to Sentinel, know what alerts to bring in, know why they are important, understanding of security architecture design.)

Job Title: Senior DevSecOps Engineer
Reports To: VP, Information Security (CISO)

About you:
You are a dynamic and entrepreneurial individual with experience managing security projects and leading people. You are a strategic thinker who enjoys formulating strategies and business plans to reach long-term objectives. You can analyze and monitor risks while ensuring that the appropriate IT and cybersecurity risk management protocols are in place and are working effectively.

About the role:
As a DevSecOps Engineer, you will be crucial in integrating security seamlessly throughout our software development and deployment processes. Your expertise will bridge the gap between development, operations, and security, ensuring security is built into the infrastructure from the ground up and maintained throughout the application lifecycle. You will be responsible for implementing and managing automated tools and technologies that help prevent vulnerabilities, managing cloud environments, and ensuring compliance with industry standards. This position requires a proactive approach to security, involving continuous risk assessments, threat modelling, and the adoption of innovative security solutions. You will work closely with cross-functional teams to advocate for secure coding practices, influence a security-first culture, and train colleagues on the latest security threats and mitigation strategies.

Key responsibilities:
  • Communicate security requirements to product teams and validate implementation before going live.
  • Publish and disseminate CICD best practices, patterns, and solutions.
  • Design action plans to address CICD platform/tools/solutions' shortcomings and difficulties.
  • Create, develop, and implement solutions for infrastructure and security requirements.
  • Design and implement robust security solutions for cloud environments across multiple cloud platforms (AWS, Azure).
  • Conduct Threat Modeling and Risk sessions to identify and mitigate potential security threats at early stages of the development lifecycle.
  • Experience with security automation and machine learning.
  • Integrate, monitor and tune SAST/DAST platforms.
  • Ability to express technical information clearly at different organizational levels.
  • Evaluate and deploy advanced cloud-native security tools and technologies.
  • Stay updated on emerging technologies in cloud security, AI, and automation, and apply innovative solutions to enhance the security framework.

Required Skills and Experience:
  • Proven experience (6+ years) as a DevSecOps Engineer or in a similar role.
  • CISSP, CCSP, AZ-400 or other Security Certifications.
  • Bachelor's degree in engineering, computer science or a related
  • Comprehensive technical expertise in various DevSecOps toolkits, including Ansible, Jenkins, Jira, Terraform, Veracode, Git/Version Control Software, or comparable technologies.
  • Detailed familiarity with information security frameworks and standards (NIST, CIS and CCM).
  • Knowledge of DevOps Automation (Terraform, GitHub, GitHub Actions).
  • Knowledge of PCI-DSS, SOC.
  • Knowledge of Prisma Cloud, SIEM, SOC, Microsoft Sentinel, or similar services.
  • Familiarity with API Security, Container Security, AWS Cloud Security.
  • Familiarity with Amazon AWS policy, configuration, and security management tools.
  • Extensive familiarity with Azure Resource Manager templates and configuration.
  • Deep knowledge of SDLC best practices, with a full understanding of OWASP Top 10, SANS Top 25, and ASVS levels.
  • Highly creative problem-solver.