A client of mine is looking to bring on a DevSecOps Engineer to join their Montreal team. The role is contract-to-hire after the first six months. It is expected for the individual to be on-site three to four days a week, while working remotely the rest of the week.
- Responsible for provide to our CI/CD systems the required tools to analyze our code for vulnerabilities.
- Assesses and prioritizes identified vulnerabilities and threats and develops/actions plans to eliminate or mitigate critical items.
- Be responsible for design and implementation of infrastructure and security architecture, including security groups, network firewalls, WAF and IDS.
- Assesses systems against system hardening standards and performs hardening tasks as required.
- Collaborate effectively with other teams including Development and QA to implement best practices, remediate vulnerabilities, educate employees, and keep Videri's customers secure
- Streamline the deployment process and ensure automation and continuous integration best practices are in place.
- Monitors infrastructure and key customer accounts as required.
- Improves system performance by identifying problems; recommending changes.
- Avoids legal challenges by monitoring compliance with service agreements.
- Updates job knowledge by participating in educational opportunities; maintaining personal networks.
The successful candidate will be able to demonstrate the following personal and professional skills:
- Shell, bash, python, ruby (proficiency in at least one)
- Setup and maintenance of Docker images
- Unix/Linux (Strong to Expert)
- Have in-depth knowledge of DevSecOps tools (I.e JIRA, Git, SAST, DAST, IAST, MAST, Jenkins, Ansible, ELK, Docker, Kubernetes, Prometheus, anchore, aqua, Twistlock).
- Automation Provisioning knowledge (Terraform, chef, Ansible)
- Source Control (git, svn )
- Experience with Amazon Web Services.
- Administration of servers (RedHat, CentOS or Ubuntu)
- Understanding of Databases (MySQL, PostgreSQL and MongoDB)
- DNS Server Understanding (bind, route53)
- Managing webservices (Nginx, Apache)
- Experience with CI/CD tools like Jenkins, GoCD.
- Minimum 5 years of experience with developing CI/CD DevSecOps pipelines
- 3+ years hands-on experience in Cloud Security.
- 3+ years working experience with one of the cloud platforms i.e. AWS, GCP or Azure
- Familiarity with all aspects of security regarding consumer-facing applications
- Experience with securing and hardening operating systems, applications, and containers.
- Strong attention to detail, motivation, self-initiative with strong organizational (personal and team based) and interpersonal skills are essential
- Must have a collaborative, team-oriented work style and possess ability to organize, prioritize and multi-task and work in a fast-paced environment
- Ability to work effectively across multiple teams and adopt a multi-faceted approach
- Fast learner
- Effectively and efficiently communicate, both verbally and in writing
- Experience working with industry standards or programs as SOC2, ISO 27001, FedRAMP and PCI is a big plus
- Security+ CE, SSCP, CCNA-Security, or GSEC Certification will be a big plus.
- Bilingual French / English
If interested in applying for this position, apply here or send your updated CV to email@example.com.