Senior Security Engineer
| Company | Velocity Global |
|---|---|
| Location | Vancouver, BC, Canada |
| Salary | $Not Provided – $Not Provided |
| Type | Full-Time |
| Degrees | |
| Experience Level | Senior |
Requirements
- 5+ years of experience in DevSecOps, cloud-based provisioning, CI/CD pipeline management, monitoring, and troubleshooting.
- 5+ years of hands-on experience with public cloud providers
- Experience with multiple coding and scripting languages such as Python, TypeScript.
- Strong experience of using modern containerization software including Docker, Kubernetes and serverless technologies.
- Strong knowledge of DevSecOps automation, such as Terraform, Github, and Gitlab.
- Experience with web and network security (eg. OWASP Top 10)
- Excellent problem-solving and analytical skills, with experience interpreting and acting on data.
- Proficiency in evaluating and mitigating the risks associated with application vulnerabilities is important, encompassing the capability to prioritize findings from static code analysis, dependency scanning, API scanning, secret detection, and web application scanning.
- Understanding of SOC2 Type 2, ISO, GDPR, and CCPA standards and their certification and audit processes.
- Demonstrated ability to communicate technical concepts to varied audiences concisely.
- Experience with data and reporting processes to support DevSecOps KPIs and metrics.
- Demonstrated expertise in strategic thinking, strong business acumen, and a highly creative problem solver.
- Experience with CI/CD security best practices and DevSecOps methodologies.
Responsibilities
- Create the use of modern, cloud-first, security-first design patterns and integrate these with existing systems.
- Naturally accountable and responsible.
- Experience bringing security solutions to production and operate them in cloud environments.
- Partner with developers, technology leaders, and external partners to address security risks.
- Collaborate with our teams to design and implement security best practices across the development lifecycle.
- Support security projects related to DevOps, SRE, and cloud security architectures.
- Research and recommend new security tools and methodologies to improve testing capabilities.
- Demonstrated ability to coordinate incident response in mission critical systems.
- Maintain security incident tracking tools, capturing all necessary data and documenting findings.
- Be a technical advisor on Application Security best practices, focusing on security, performance, and cost optimization for projects and teams.
- Help to embed security best practices within the automation process, creating a robust and secure cloud environment.
- Diagnose and troubleshoot technical issues, perform root cause analysis, and escalate complex issues.
- Monitor and optimize application performance and service quality, ensuring quick issue resolution.
- Communicate updates to project leads and escalate issues when needed.
Preferred Qualifications
- Experience with automation tools such as Cloud Formation and Terraform.
- Familiarity with AWS IAM, API Security, Container Security, and Cloud Security.
- Knowledge of observability tooling (eg. Datadog, Prometheus).
- Experience with cloud services at scale (VPC, IAM, RBAC, etc.).
- Project Management experience.