Staff Information Security Engineer (Cloud and Application Security)
Toronto
Applications have closed
Achievers
Achievers' award-winning employee engagement software and platform creates a workplace environment that accelerates engagement and performance.
Responsibilities:
- Direct and approve the design of the appsec and cloud infrastructure security program using DevSecOps methodologies
- Create and implement new security automation tooling within Achievers' CI/CD pipeline
- Build security-relevant services, infrastructure, and secure-by-default libraries for self-service consumption by the development and IT operation teams
- Implement a shift-left strategy to provide early and useful security feedback to our developers and IT operations on their work
- Participate in incident response and provide support to security detection functions
- Lead the technical security training program for developers and IT operations
- Perform application and infrastructure threat modeling and architecture reviews
- Coordinate the external pen testing program (ensuring environments are set up and fixes are deployed and tested)
- Triage security vulnerabilities from internal and external vulnerability scans and pen testing engagements
- Design and develop incident response automation workflows
- Develop automation cases for regression, assertion, and negative testing to find security issues at scale
- Communicate best practices and risks to all parts of the business, outside IT and development
- Provide training and mentoring to security team members
Qualifications:
- 5+ years of relevant cyber security experience
- 2+ years CI/CD pipeline experience
- 2+ years experience in developing and maintaining automation frameworks and integrating security testing
- 2+ years experience working with and deploying containers and microservices
- 2+ years of experience with incident handling and automation
- 2+ years of experience working with AWS, Azure, and/or GCP (GCP especially preferred)
- 2+ years of experience with Infrastructure as Code tools, such as Terraform
- 2+ years of experience in a scripting language (preferably Python)
- Strong Unix/Linux experience
- Strong understanding of security technologies
- Knowledge and experience with network, host and application security practices
- Experience in identifying and exploiting vulnerabilities in web applications, cloud environments, host configurations, and networks
- Knowledge of all bug classes and common vulnerabilities related to web applications and cloud infrastructure (e.g., OWASP Top 10)
- Excellent written and verbal communication skills
- Understanding of IT compliance and frameworks and regulatory standards (ISO 27001, CoBIT, ITIL, SOX, Trust Principles etc.)
Tags: Application security Automation AWS Azure CI/CD Cloud CoBIT Compliance DevSecOps GCP Incident response ISO 27001 ITIL Linux Microservices OWASP Pentesting Python Scripting Strategy Terraform UNIX Vulnerabilities Vulnerability scans
Perks/benefits: Career development