4FMV is looking for a DevOps Security Engineer for a client in Downtown Toronto on a long term contract. Located just steps from Union Station, our client is a leader in their field and recognized as one of Canada's Top 100 Employers.
Our client is expanding its security team and aggressively overhauling all it does, including embracing DevOps. The DevOps Security Engineer will be responsible for representing the security department in all matters relating to DevOps, and is expected to be a subject matter expert.
This role blurs the line between Security, Infrastructure, and Teranet traditional Developers. Daily tasks by the DevOps Security Engineer include owning the DevOps monitoring solutions, DevOps best practices, assisting with the Automation stack, and daily operational duties.
This role will also include advising the DevOps team of best practices for implementing DevOps in a secure manner. The individual chosen will be primary for responding to and refining of logging, monitoring, and IPS/WAF solutions related to DevOPS (as well as other non-containerized applications), ensuring that appropriate alerting is in place to detect system issues as well as
- Operate and maintain current implementation of Aqua Security tool
- Develop and deploy a strategy to migrate from current implementation of Aqua to Twistlock
- Develop a roadmap for DevOps Security, including recommendation of tools and process refinement to be implemented
- Perform security assessment of all DevOps related environments, including evaluation of core DevOps principles, to identify best practices
- Act as Subject Matter Expert for DevOps from a security perspective
- Take lead on responding to and tuning of alerts related to DevOps and Application related security tools
- Respond to and recommend for WAF related to both DevOps, as well as non-containerized applications
- Evangelize, communicate and be a champion for the DevOps vision and technology stack to the various I & O and Teranet development teams
- Act as a mentor for Security resources, as well as provide training to team resources on response to alerts, refinement strategies, and new tools and processes
- Develop and deploy a strategy to secure the DevOps infrastructure systems in 2020, accounting for the various functionality
- Assist in the continued deployment of SDDC vision with On-Prem and Public Cloud infrastructure
- Assist in the deployment of Red Hat Open Shift Container Platform technologies
- Responsible for evaluating current and future-state initiatives and providing expertise and hands-on experience automating and orchestrating IT software and services.
- Provide on-call and day to day operations of the current DevOps Infrastructure stack
- Bachelor’s degree in computer science, engineering, or a related discipline
- At least 5 years’ experience in Information Security
- At least 5 years of experience in systems development with 3 years in Red Hat Linux environments and 2 years in DevOps teams following Agile development process
- Experience in administering and maintaining security solutions for DevOps environments
- Experience in Security best practices related to DevOps
- Experience in responding to and tuning of security alerts related to DevOps (Aqua and WAF)
- Experience creating security rules and signatures in response to the latest threats
- Experience working with on Premise OCP infrastructure
- Strong knowledge of CI/CD tools including Jenkins, GIT and Artifactory
- Experience with application security and secure coding