Senior DevSecOps Engineer

About The Position

Requirements

• 5+ years of relevant experience spanning cloud infrastructure and security (DevSecOps, platform security, security engineering, SRE with strong security focus).
• Deep hands-on experience with GCP (preferred) or AWS, including strong fundamentals in cloud networking and identity.
• Strong hands-on experience with Kubernetes and service networking.
• Strong Infrastructure-as-Code skills (for example Terraform) and the ability to build reusable, maintainable automation.
• Practical experience integrating security into CI/CD and engineering workflows, including scanners and policy enforcement.
• Experience with incident response: investigation, coordination, post-incident follow-through, and continuous improvement.
• Experience with vulnerability management and software supply chain risk.
• Comfortable partnering cross-functionally and driving work end-to-end in ambiguous areas.

Nice To Haves

• Experience with Istio.
• Familiarity with application security scanning tools like Semgrep, Veracode, GitHub Advanced Security, or equivalent.
• Familiarity with CrowdStrike (EDR) and Splunk (SIEM).
• Familiarity supporting compliance and audit readiness (SOC 2, GDPR, NIST), including evidence support.

Responsibilities

• Own platform security and reliability improvements across our GCP environment.
• Harden identity and network controls in GCP (IAM patterns, service accounts and workload identity, organization policies, and network segmentation controls).
• Build security into CI/CD by implementing and enforcing scanning and policy controls (SAST, SCA, secret detection, and container/image scanning).
• Drive vulnerability management and supply chain risk reduction across services, dependencies, container images, and build pipelines.
• Lead threat modeling and security design reviews for new features and material architecture changes.
• Improve security observability and detection quality by tuning telemetry, reducing noise, and building high-signal detections and dashboards.
• Lead investigations and coordinate incident response for security alerts and incidents, and drive follow-ups from post-mortems into preventative improvements.
• Champion secure SDLC practices through standards, documentation, guardrails, and coaching for product engineering teams.
• Define and maintain end-user device security standards, including requirements for security agents such as EDR and remote access tooling, and partner with stakeholders for operational execution.
• Support compliance and audit readiness by conducting internal security reviews and helping align practices with frameworks and regulations (SOC 2, GDPR, NIST), including evidence support where needed.

Benefits

• Supportive Team: Work with a passionate group where you’ll find a true sense of belonging.
• Compensation: Competitive salaries with RRSP/401k matching and comprehensive medical, dental, and health insurance.
• Flexibility: A flexible time-off policy and the choice to work remote, hybrid, or from our Toronto HQ.
• Growth: Stipends for your home office setup and continuous professional learning.
• Impact: The opportunity to do high-impact work at a mission-driven organization.