Senior Devsecops Engineer (Pressreader)

PressReader is a rapidly growing technology company that partners with the world’s leading publishers to deliver content to millions of users in over 160 countries. Our progressive approach to digital distribution has allowed publishers such as The Washington Post, The Guardian, Newsweek, Rolling Stone, The Globe and Mail, and Vogue to find new audiences through business partnerships, including airlines, hotels, cruise ships, libraries, and thousands of other companies worldwide.

Our technology also powers Branded Editions (BE) - a white-label solution that enables publishers to deliver their digital content in interactive ways. BE allows them to build a customizable platform that supports a wide range of revenue opportunities.

We have an opportunity for a Senior DevSecOps Engineer role to join our Engineering Team.

In This Role, You Will

• Design and implement a secure development strategy
• Participate in infrastructure architecture and services development as a security expert
• Assess and prioritize potential security threats and vulnerabilities, and identify appropriate countermeasures and mitigation strategies
• Harden Kubernetes clusters, on-prem and cloud infrastructure for enhanced security
• Monitor and analyze system logs, security events, and alerts to promptly identify and respond to security incidents
• Design, implement, and maintain a vulnerability management platform
• Build secure base images for development teams
• Conduct regular security assessments, vulnerability scans, and penetration tests to identify and mitigate security weaknesses in applications, infrastructure, and code
• Implement security checks in CI/CD pipelines
• Implement and maintain dependency management processes and tools
• Implement security tools within Kubernetes clusters
• Enforce custom policies on Kubernetes objects using OPA (Open Policy Agent)
• Educate development teams on secure coding practices, security risks, and emerging threats, promoting a culture of security awareness and responsibility
• Ensure software applications adhere to industry regulations, standards, and security policies
• Work closely with development, operations, and security teams to foster collaboration, share knowledge, and align objectives to ensure secure software delivery
• Automate security-related tasks and processes, such as vulnerability scanning, code analysis, and compliance checks to improve efficiency and accuracy
• Implement and maintain security controls and procedures to meet compliance requirements

You Are a Great Fit If You Have

• 6 to 8 years of experience in cybersecurity
• In-depth understanding of cloud security principles and experience working with major cloud service providers (e.g., AWS, Azure, GCP) to architect secure cloud infrastructure.
• Deep understanding of security principles, secure coding practices, and secure SDLC.
• Strong knowledge of security assessment and testing tools like Burp Suite, Nuclei, or OWASP ZAP.
• Bachelor’s degree in Computer Science or related field
• Proven track record of successfully implementing security controls and hardening measures for infrastructure components, including network devices, servers, and databases.
• Strong proficiency in CI/CD, IaC, and automated testing, with expertise in tools like Gitlab CI, Git, Docker, Terraform and Kubernetes.
• Extensive experience with security monitoring tools, SIEM, IDS, log analysis, and incident response processes.
• Extensive experience in DevSecOps methodologies, with a proven track record in implementing security practices within complex software environments.
• Familiarity with compliance frameworks and standards relevant to the organization's industry and ability to ensure compliance across systems and applications.
• Expertise in conducting advanced security assessments, vulnerability scanning, penetration testing, and code reviews.
• Excellent problem-solving abilities and the capacity to provide innovative and effective security solutions.
• Strong communication and collaboration skills to work effectively across teams.
• Extensive experience with security automation using languages like Go, Python and Bash.

Bonus Points If You

• Have experience achieving SOC2 HIPAA, ISO 27001 Compliance levels
• Experience with security at the network, transport, and application layers (DNS-SEC, OWASP, HTTP, TLS, etc.)

This role is a full-time position based in our Richmond, BC office. Working from home is available during the Covid pandemic and we are actively considering and trialing hybrid solutions post-pandemic.

We understand everyone has different circumstances; however, we will only consider applicants who are legally eligible to work in Canada.

If you don’t see yourself fully reflected in every job requirement listed for this job, we still encourage you to apply. We are committed to creating a more equitable, inclusive and diverse company and we welcome applicants of all genders, ages, ethnicities, cultures, abilities, sexual orientations, sexual identification, and life experiences.

Sometimes emergencies happen and you may need to reschedule an interview. We understand. Please let us know without worrying about losing the opportunity or your credibility.

PressReader offers a compensation package which includes extended health care, dental, vision and accidental death insurance paid by the company; 15 paid vacation days to start, sick and bereavement days; reimbursements for professional training and membership in professional associations; fitness subsidy and more, along with a chance to be working with amazing people.

To apply, please submit your resume, and a cover letter explaining why you are the right person for this role.

Value