Key Responsibilities

• DevSecOps Core Functions:
  • Integrate security practices into the CI/CD pipeline to ensure secure code deployment.
  • Collaborate with development operations and security teams to design and implement secure scalable and reliable systems.
  • Automate security testing monitoring and compliance checks within the development lifecycle.
• Threat and Risk Assessments (TRA):
  • Assist with or conduct regular TRAs to identify potential security risks and vulnerabilities in our data platform and applications.
  • Provide actionable recommendations to mitigate identified risks and ensure compliance with industry standards (e.g. ISO 27001 NIST SOC 2 GDPR).
• Ethical Hacking and Penetration Testing:
  • Act as an internal red team member adopting a hacker mindset to proactively poke holes in our data platform and applications.
  • Perform penetration testing vulnerability assessments and exploit simulations to uncover weaknesses before malicious actors do.
• Security Incident Handling:
  • Own the end-to-end security incident response process including detection triage containment eradication and recovery.
  • Document incidents perform root cause analysis and implement preventive measures to avoid recurrence.
• Hands-On Technical Expertise:
  • Manage and secure Kubernetes clusters including deployment scaling and monitoring of containerized workloads.
  • Leverage Azure services (e.g. Azure Kubernetes Service Azure Security Center Azure Monitor) to build and maintain a secure cloud environment.
  • Implement Infrastructure as Code (IaC) using tools like Terraform or Azure ARM templates with a security-first approach.
• Log Management and Monitoring:
  • Design implement and manage centralized logging solutions to ensure comprehensive visibility into system activity.
  • Analyze logs to detect anomalies investigate security events and ensure compliance with auditing requirements.
• Collaboration and Leadership:
  • Act as a subject matter expert on security best practices mentoring team members and promoting a security-conscious culture.
  • Work closely with stakeholders to align security initiatives with business objectives.
• Continuous Improvement:
  • Research and identify tools and practices to improve our security stance.
  • Participate in tabletop exercises related to process development and improvement. Review implement and improve security practices around the software development lifecycle.

Qualifications and Desired Skills

• 5 years or equivalent of experience in DevOps SecOps or related roles including exposure to both on-premise and cloud deployments.
• Proven experience conducting Threat and Risk Assessments (TRA) and penetration testing.
• Experience with securing data platforms and distributed data systems.
• Hands-on experience managing Kubernetes in production environments.
• Strong working knowledge of Azure cloud services and security tools.
• Proficiency with CI/CD tools (e.g. Jenkins GitLab CI/CD Azure DevOps).
• Expertise in container security and orchestration (Kubernetes Docker).
• Familiarity with scripting languages (e.g. Python Bash PowerShell) for automation.
• Experience with log management and monitoring tools (e.g. Azure Log Analytics Loki ELK SIEMS).
• Demonstrated awareness of established security standards and structures such as ISO 27001 NIST 800 MITRE ATTCCK.
• Strong knowledge in networking and administration of Windows and Linux operating systems.
• Strong knowledge in Azure or other public cloud technologies.
• Strong problem-solving skills with a proactive and hacker-like mindset.
• Ability to communicate effectively in-person and remote both in verbal and written presentations and reports.
• Demonstrated commitment and passion in cybersecurity and privacy including willingness to push through adversity.
• Willingness to undergo and pass both initial and annual background checks including Ontario CRJM

Optional Qualifications

• Experience in security-related practices around the software development lifecycle including secure coding CI/CD release management
• Familiarity with compliance requirements specific to our industry (e.g. GDPR HIPAA PCI- DSS).
• Experience in handling security-sensitive IT functions such as securing endpoints vendor management asset tracking
• Experience in operating or implementing institutional certifications such as SOC 2 ISO 27000

Certification (Preferred)

• Certified in one or more recognized industry cybersecurity standards such as CompTIA Security CISSP CEH etc.
• Certification in Azure or other cloud technologies
• Certification or training in specific cybersecurity skills such as digital forensics event analysis open source intelligence ethical hacking
• Bachelors degree in computer science software engineering cybersecurity or related fields; or equivalent