Senior DevSecOps Engineer

Title: Senior DevSecOps Engineer

Department: Information Technology / Cybersecurity

Reports To: Director, Corporate Security

*This is a remote role open to Canada or US*

Job Overview: The Senior DevSecOps Engineer is a highly skilled role with a strong focus on all cloud technologies. This position demands an expert-level understanding of cloud security architectures, practices, and tools in AWS and Azure, with the ability to apply relevant skills in GCP environments.

Key Responsibilities:

· Implement and optimize DevSecOps automation processes, ensuring seamless integration of security into the development lifecycle.

· Design and implement robust security solutions for cloud environments across multiple cloud platforms (AWS, Azure, GCP).

· Demonstrate an understanding of Infrastructure as Code (IaC) best practices and possess strong experience in building Terraform modules and CloudFormation stacks for AWS.

· Understanding of server orchestration and configuration practices and strong experience in key technologies such as Ansible or Puppet.

· Responsible for managing cloud security, which includes identifying, tracking, and advising on all cloud security threats and vulnerabilities.

· Responsible for investigating, remediating, and conducting root cause analysis of all cloud security events escalated from EDRs, CSPMs, SIEMs, and other notification mechanisms.

· Evaluate and deploy advanced cloud-native security tools and technologies.

· Work closely with relevant teams to foster a culture of security and ensure a unified approach to securing cloud infrastructure.

· Stay updated on emerging technologies in cloud security, AI, and automation, and apply innovative solutions to enhance the security framework.

Experience Required:

· Proven experience (6+ years) as a DevSecOps Engineer or in a similar role.

· In-depth knowledge of security best practices and industry standards.

· Understanding and hands-on experience with cloud platforms.

· Experience with cloud-native and serverless technologies.

· Experience in making nuanced threat and risk assessments.

· Experience with NIST, SOX, ISO, SOC2, GDPR, and other compliance and regulatory frameworks.

· Experience in building repeatable/reusable security processes and frameworks.

· Hands-on experience with DevOps tools and practices (e.g., CI/CD, containerization, infrastructure as code).

· Must have experience in automation, scripting, and business intelligence.

· Certifications such as AWS Certified Security, Azure Security Engineer, CISSP, CISM are a plus.

Nice to have:

· Experience in deploying SIEM solutions (Exabeam).

· Experience in EDR and CSPM solutions (Crowdstrike)

· Experience with SAST, DAST and SCA tools (Veracode, Black Duck)

· Experience with SDLC, version control and DevSecOps practices.

Centric Software provides equal employment opportunities to all qualified applicants without regard to race, sex, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status or genetic information.
 

Centric Software provides equal employment opportunities to all qualified applicants without regard to race, sex, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status or genetic information.