Staff Information Security Engineer (Cloud and Application Security)

Toronto

Applications have closed

Achievers

Achievers' award-winning employee engagement software and platform create a workplace environment that accelerates engagement and performance.

The "Achievers Employee Experience Platform™" delivers high-frequency recognition that drives business outcomes for HR and business leaders, from decreased turnover to increased engagement. Designed specifically to meet the needs of today’s workforce, it empowers employees to recognize each other in real time and aligns them to the values and goals of the company. With more than 3 million users, the Employee Experience Platform inspires brilliant performance in 170 countries. Visit us at www.achievers.com to learn more and join us in our mission to Change the Way the World Works™.

As the Staff Information Security Engineer, this individual will be responsible for maintaining, maturing, and expanding Achievers' cyber security program, while positioning the organization to be nimble and ready to respond to the ever-changing security landscape. The primary focus of the role is to maintain and implement new security automation tooling in cloud environments and ensure a smooth developer and IT staff experience by creating secure-by-default guardrails for developer and IT operations self-service consumption.

Responsibilities:

  • Direct and approve the design of the appsec and cloud infrastructure security program using DevSecOps methodologies 
  • Create and implement new security automation tooling within Achievers' CI/CD pipeline
  • Build security-relevant services, infrastructure, and secure-by-default libraries for self-service consumption by the development and IT operation teams 
  • Implement a shift-left strategy to provide early and useful security feedback to our developers and IT operations on their work 
  • Participate in incident response and provide support to security detection functions 
  • Lead the technical security training program for developers and IT operations
  • Perform application and infrastructure threat modeling and architecture reviews 
  • Coordinate the external pen testing program (ensuring environments are set up and fixes are deployed and tested)
  • Triage security vulnerabilities from internal and external vulnerability scans and pen testing engagements 
  • Design and develop incident response automation workflows 
  • Develop automation cases for regression, assertion, and negative testing to find security issues at scale 
  • Communicate best practices and risks to all parts of the business, outside IT and development 
  • Provide training and mentoring to security team members 

Qualifications:

  • 5+ years of relevant cyber security experience 
  • 2+ years CI/CD pipeline experience 
  • 2+ years experience in developing and maintaining automation frameworks and integrating security testing 
  • 2+ years experience working with and deploying containers and microservices 
  • 2+ years experience with incident handling and automation
  • 2+ years experience working with AWS, Azure, and/or GCP (GCP especially preferred)
  • 2+ years of experience with Infrastructure as Code tools, such as Terraform 
  • 2+ years of experience in a scripting language (preferably Python)
  • Strong Unix/Linux experience 
  • Strong understanding of security technologies 
  • Knowledge and experience with network, host and application security practices 
  • Experience in identifying and exploiting vulnerabilities in web applications, cloud environments, host configurations, and networks 
  • Knowledge of all bug classes and common vulnerabilities related to web applications and cloud infrastructure (e.g., OWASP Top 10)
  • Excellent written and verbal communication skills 
  • Understanding of IT compliance frameworks and regulatory standards (ISO 27001, COBIT, ITIL, SOX, Trust Principles, etc.)

About Achievers:
 
As Achievers employees, we are passionate about disruptive technology, welcome constant change, and understand the value of employee success in the workplace. We enjoy coming to work every day because we believe in our product and love our culture. Achievers is more than just a software company; we are industry leaders in the HR space. 

We have been recognized in numerous publications for our contributions to HR, for technical excellence and for our outstanding workplace culture!


Achievers does not offer employment to prospects without first ensuring that qualified candidates speak directly with the hiring manager and a member of our HR team. All qualification will be done face-to-face, whether that is in person or over Zoom. Achievers does not send out offers of employment without meeting candidates and does not offer employment via text. If you are asked for any personal information via text and/or without having met a member of our hiring team in person, please disregard the request.
 
Our employees are a diverse and inclusive team of passionate, hardworking individuals. Achievers is committed to creating an environment where our employees can do the best work of their lives. We encourage all qualified candidates to apply to join our A-Player family. Accommodations are available on request for candidates taking part in all aspects of the selection process.

Tags: Application security Automation AWS Azure CI/CD Cloud CoBIT Compliance DevSecOps GCP Incident response ISO 27001 ITIL Linux Microservices OWASP Pentesting Python Scripting Strategy Terraform UNIX Vulnerabilities Vulnerability scans

Perks/benefits: Career development

Region: North America
Country: Canada
