Lead Security / Senior DevSecOps Engineer (CANADA only)

Remote: Full Remote

Offer summary

Qualifications:

  • 5+ years of experience in security engineering and DevSecOps implementation.
  • Proficiency in tools such as Terraform, ArgoCD, AWS, and Docker.
  • Strong understanding of security compliance frameworks like SOC 2, PCI DSS, and ISO 27001.
  • Experience with security monitoring tools and incident response protocols.

Key responsibilities:

  • Lead the implementation of security controls across CI/CD pipelines and cloud infrastructure.
  • Manage real-time security monitoring and incident response efforts.
  • Conduct security risk assessments and ensure compliance with relevant frameworks.
  • Facilitate security training and promote a security-first culture within the technology team.

Berkeley Payments
11 - 50 Employees

Job description

This is a remote position.

About Us: 

Berkeley Payments is a leading payment technology provider specializing in innovative solutions for businesses to manage and process payments seamlessly. We pride ourselves on offering cutting-edge financial technology to our clients, empowering businesses to streamline operations and improve their payment processes.

Role Overview

Candidates must be located in Canada for this role.

The Lead Security / DevSecOps Engineer will be responsible for strengthening and maintaining the company’s security posture through the implementation of secure development practices, infrastructure security controls, and DevSecOps principles. This hands-on role bridges the gap between software engineering, operations, and cybersecurity—ensuring security is integrated across the entire development lifecycle. 

As a critical member of the Technology team (internally), this individual will lead initiatives related to secure CI/CD pipelines, cloud infrastructure hardening, automated threat detection, and compliance enforcement. The role will involve direct collaboration with engineering, DevOps, and product teams, driving a security-first culture across all technology domains.

Requirements
1. Security Engineering & DevSecOps Implementation
  • Design and implement end-to-end security controls across CI/CD pipelines, Infrastructure as Code (IaC), and deployment workflows using tools such as Terraform and ArgoCD.

  • Integrate automated security scanning tools (SAST, DAST, and dependency scanning) into CI/CD workflows to detect vulnerabilities early.

  • Harden containerized and cloud-native environments across AWS, EKS/Kubernetes, and Docker by applying best-practice configurations and access policies.

  • Champion least-privilege access, enforce strong secrets management, and secure credential handling via tools like AWS IAM and HashiCorp Vault.

  • Build and maintain internal tooling to automate routine security and compliance tasks.

  • Automate and manage SSL/TLS certificate renewals, ensuring secure connectivity across services.

  • Enforce and audit Content Security Policies (CSP) across web-facing applications to mitigate cross-site scripting (XSS) and other client-side threats.

2. Real-Time Security Monitoring & Incident Response
  • Deploy and manage security monitoring tools such as ElasticStack SIEM, AWS GuardDuty, Datadog, and AWS Security Hub to detect and respond to threats.

  • Develop, maintain, and execute incident response playbooks for quick remediation of vulnerabilities or attacks.

  • Configure real-time alerting mechanisms for unauthorized access attempts, configuration drift, and anomalous behavior.

  • Continuously analyze logs and telemetry from Grafana, Loki, and Prometheus, integrating insights into proactive defense strategies.

  • Ingest and act on threat intelligence from AWS and external security feeds.

3. Governance, Risk, & Compliance (GRC)
  • Lead and support security compliance efforts, including SOC 2 Type I/II, PCI DSS, and ISO 27001.

  • Implement automated compliance enforcement and evidence collection within CI/CD and cloud infrastructure.

  • Perform routine security risk assessments, gap analyses, and internal security audits.

  • Collaborate with legal, compliance, and auditing stakeholders to ensure framework alignment and audit readiness.

  • Conduct and oversee vendor and third-party risk assessments and integrate findings into vendor management processes.

  • Maintain centralized documentation for compliance frameworks, control implementations, and audit activities.

4. Secure Architecture & Infrastructure Reviews
  • Lead threat modeling and architecture reviews for new services, infrastructure components, and feature rollouts.

  • Define, enforce, and validate baseline security configurations (e.g., hardened AMIs, Kubernetes security policies, AWS security groups).

  • Collaborate with DevOps and Engineering teams to ensure secure design and configuration of services.

  • Conduct security reviews and performance tuning for AWS RDS MySQL and PostgreSQL databases, including backup, encryption, and access policies.

5. Senior DevOps Engineering & Platform Reliability
  • Manage scalable, resilient infrastructure on AWS, including automation of deployments via Terraform, ArgoCD and EKS.

  • Build and maintain high-throughput, secure CI/CD pipelines using GitHub Actions, enabling fast, repeatable, and traceable releases.

  • Operate and optimize Kubernetes-based environments, ensuring application health, container security, and deployment resilience.

  • Oversee monitoring and serviceability using the Grafana–Loki–Prometheus stack to provide real-time visibility into systems performance, error rates, and operational trends.

  • Manage database infrastructure, ensuring availability, access control, and security of AWS RDS MySQL and PostgreSQL instances.

  • Implement and monitor service-level objectives (SLOs), SLAs, and error budgets in collaboration with product and engineering.

6. Security Culture & Engineering Enablement
  • Conduct targeted security training and awareness sessions tailored to engineers, product managers, and DevOps teams.

  • Embed a DevSecOps-first mindset, ensuring security considerations are addressed from ideation to deployment.

  • Facilitate and document post-incident reviews, capturing lessons learned and driving remediation actions.

  • Mentor team members on security practices, cloud infrastructure, and serviceability tooling.

7. Documentation & Knowledge Sharing
  • Maintain detailed and accessible documentation for security standards, tooling, infrastructure configuration, and response procedures.

  • Build and curate a security and DevOps knowledge base to support internal enablement and reduce onboarding time.

  • Track and report on key performance indicators (KPIs) and metrics related to system security, infrastructure reliability, and compliance maturity.



Required profile

Spoken language(s):
English

Other Skills

  • Collaboration
  • Communication
  • Problem Solving
