DevSecOps Technical Lead

Global Relay•Vancouver, BC

About The Position

The DevSecOps Technical Lead (Internal Title: Application & Product Security Principal) is responsible for leading the DevSecOps areas of application security, application vulnerability scanning and other daily security and compliance efforts. This role is positioned between software engineering, security and operations, driving the integration of robust security practices into every stage of the software development lifecycle. As a senior member of the Application & Product team you will input into strategy, standards and partner closely with engineering, platform and product teams to ensure security is built-in and aligned with business objectives. You will champion a proactive, risk-based approach to security, embedding automated controls, secure design principles and continuous assurance into the development pipelines. You will lead security sessions for development engineering teams with focus on risks, security report analysis, mitigations of identified vulnerabilities and process improvements. You will also be responsible for developing and deploying an automated security framework for robust deployment of tools and processes, leveraging scripting languages and open-source solutions.

Requirements

8+ years of application security and operations experience and expert knowledge of software security
Experience with at least one of each of the following: OWASP, Mitre, NIST SP800-115
Experience with at least one of each of the following: SAST, DAST, SCA
Experience with at least one of each of the following: Python, Java, Bash, PowerShell
Experience with at least one of each of the following: Puppet, Ansible, Git repositories, Jenkins, Docker/Podman, CI/CD technologies
Experience with at least one of each of the following: Container - OpenShift / Kubernetes
Experience with at least one of each of the following: API security
Working with Security, Developers, DevOps, and Engineering teams in a dynamic environment
Secure development, coding, and engineering practices
Ability to work under broad supervision with little instruction
Ability to communicate effectively, in both written and verbal forms, with technical and non-technical cross-functional teams.
Ability to communicate diplomatically and effectively at all levels of the organization with all classifications, including the very technical
Proven competence using MS Office and other desktop applications
Methodical and creative approach to problem-solving
Excellent verbal and written communication skills
Strong attention to detail and follow-up

Nice To Haves

AI tools / Machine learning
ISO 27000, SOC 2, GDPR and other security and privacy standards
CISM, CISSP, OSCP, or other relevant security certifications
Networking technologies, particularly with OSI layers and TCP/IP
Web-based protocols, including cookie management, encrypted traffic, TLS, HTTPS, HSTS, and webhooks
Security tools such as firewalls, IDS/IPS, anti-virus, anti-spam, and server and network device hardening
Encryption protocols and methodologies

Responsibilities

Extensive experience in Application Security, Product Security or DevSecOps roles
Deep understanding of secure software development practices, including threat modeling, secure coding and vulnerability management
Serve as the liaison for deployment of DevSecOps standards and input into new standards or policies
Embed security and DevSecOps practices throughout the organization, within SDLC and support an automated continuous integration (CI) and continuous delivery (CD) system
Work with APIs and plugins to integrate security tools into established CI/CD pipelines using agile delivery methodology
Partner with developers and engineering teams to prevent vulnerabilities and ‘shift-left’ security testing in the SDLC
Focus on automation to aid in efficiencies with both testing and development
Provide hands-on technical expertise and support in general DevSecOps tasks
Review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and applications, and effectively address false positives
Investigate security issues in order to determine specific steps for reproduction and scope of vulnerabilities and risks
Provide encouragement to team members, including identifying areas for additional training or skills development
Mentor less experienced members of the team to help build a strong culture, improve security efficacy, and oversee team member work for quality and guideline compliance
Create security documentation and developer training material
Improve test case documentation and grouping
Act as the senior subject matter expert for Global Relay software security testing related to the CI/CD pipeline
Lead the selection, deployment, and management of appropriate scanning tools for security testing in the CI/CD pipeline
Develop competency in the OWASP Top 10 and derive new test methodologies based on Global Relay applications
Work with Application and Product Security Team Lead to identify areas where security test coverage is lacking, and work to improve the security test coverage
Provide suggestions on improvements and see these through to completion

Benefits

Competitive compensation and benefits
Comprehensive extended health benefits program, including virtual healthcare and a wellness allowance
Annual allotted vacation days, which increase based on tenure
Paid sick days
Maternity/parental enhancement program
Bonus
RRSP contribution matching program
Subsidized meal program (for Vancouver-based employees)

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume