Staff Engineer –DevSecOps (9809)
Ontario, CanadaFull-TimeStaffSoftware Engineering
Key Responsibilities:
- Follow established processes for the implementation and maintenance of security controls aligned with ISO 27001, SOC 2, and NIST 800-53.
- Collaborate with security leadership to ensure adherence to ISO 27001, SOC 2 and NIST 800-53 controls and procedures.
- Collaborate with internal and external auditors to support audits, evidence gathering, and remediation efforts.
- Develop and maintain automated security and compliance monitoring tools and dashboards.
- Translate regulatory requirements into technical requirements and integrate them into the SDLC (Secure Development Lifecycle).
- Execute tasks related to the implementation and upkeep of compliance controls under ISO 27001, SOC 2, and NIST 800-53 guidance.
- Conduct gap assessments and risk analysis; define and track remediation efforts to ensure compliance readiness.
- Strong hands-on experience and understanding of Kubernetes security, including RBAC, pod security policies, network policies, and secrets management.
Required Qualifications:
- 5+ years of experience in information security or compliance engineering roles.
- Practical experience with DevOps security practices, including integrating security controls into CI/CD pipelines (GitLab CI, Jenkins, GitHub Actions, etc.)
- Strong understanding and hands-on experience with ISO 27001, SOC 2 (Type I and II), and NIST SP 800-53.
- Experience working in cloud-native environments (AWS, Azure, or GCP) with secure configuration and governance controls.
- Familiarity with cloud-native security (AWS, GCP, or Azure), container orchestration, and infrastructure-as-code tools like Terraform, Helm, or Ansible.
- Solid knowledge of access management, encryption, logging/monitoring, and network security principles.
- Demonstrated ability to lead technical initiatives, work cross-functionally, and influence at all levels.
- Excellent written and verbal communication skills with experience writing policies and technical documentation.
Preferred Qualifications:
- Professional certifications such as CISSP, CISA, CISM, ISO 27001 Lead Implementer/Auditor, or AWS Security Specialty etc.
- Experience with compliance automation platforms.
- Background in regulated industries such as fintech, healthcare, or government.
