Insight Global is looking for a Sr DevSecOps Engineer to join one of Canada's boutique financial institutions. You will be crucial in integrating security seamlessly throughout our software development and deployment processes. Your expertise will bridge the gap between development, operations, and security, ensuring security is built into the infrastructure from the ground up and maintained throughout the application lifecycle. You will be responsible for implementing and managing automated tools and technologies that help prevent vulnerabilities, managing cloud environments, and ensuring compliance with industry standards. This position requires a proactive approach to security, involving continuous risk assessments, threat modelling, and the adoption of innovative security solutions. You will work closely with cross-functional teams to advocate for secure coding practices, influence a security-first culture, and train colleagues on the latest security threats and mitigation strategies.
Communicate security requirements to product teams and validate implementation before going live.
Publish and disseminate CI/CD best practices, patterns, and solutions.
Design action plans to address CI/CD platform/tools/solutions shortcomings and difficulties.
Create, develop, and implement solutions for infrastructure and security requirements.
Design and implement robust security solutions for cloud environments across multiple cloud platforms (AWS, Azure).
Conduct Threat Modeling and Risk sessions to identify and mitigate potential security threats at early stages of the development lifecycle.
Develop and maintain a Security Center of Excellence for all new products and substantial changes to ensure security requirements are met before they proceed to production.
Experience with security automation and machine learning.
Integrate, monitor and tune SAST/DAST platforms.
Ability to express technical information clearly at different organizational levels.
Evaluate and deploy advanced cloud-native security tools and technologies.
Stay updated on emerging technologies in cloud security, AI, and automation, and apply innovative solutions to enhance the security framework.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Proven experience (6+ years) as a DevSecOps Engineer or in a similar role.
CISSP, CCSP, AZ-400 or other Security Certifications.
Comprehensive technical expertise in various DevSecOps toolkits, including Ansible, Jenkins, Jira, Terraform, Veracode, Git/Version Control Software, or comparable technologies.
Detailed familiarity with information security frameworks and standards (NIST, CIS and CCM).
Knowledge of DevOps Automation (Terraform, GitHub, GitHub Actions).
Knowledge of PCI-DSS, SOC.
Knowledge of Prisma Cloud, SIEM, SOC, Microsoft Sentinel, or similar services.
Familiarity with API Security, Container Security, AWS Cloud Security.
Familiarity with Amazon AWS policy, configuration, and security management tools.
Extensive familiarity with Azure Resource Manager templates and configuration.
Deep knowledge of SDLC best practices, with a full understanding of OWASP Top 10, SANS Top 25, and ASVS levels.
Highly creative problem-solver.
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.