Cloud Security Developer

This is a fully remote position, open to applicants in Canada.

📋 Description

• Develop and uphold robust security measures to safeguard our cloud infrastructure and applications.

• Identify, address, and verify security vulnerabilities within cloud infrastructure.

• Conduct architectural and design reviews with a security perspective, delivering timely and actionable requirements and recommendations.

• Partner with security leadership, compliance, and engineering teams to implement security strategies.

• Create, deploy, and oversee security tools such as WAF, IDS/IPS, workload protection, GCP Command Center, and Azure Security Center, among others.

• Suggest and contribute to enhancements in security and compliance for nesto's CI/CD pipelines and deployment processes.

• Automate infrastructure provisioning and deployment workflows utilizing Infrastructure as Code (IaC) tools like Terraform or Pulumi.

• Design and maintain scalable processes for cloud access provision while ensuring least privilege principles are upheld.

• Engage in and support the incident detection and response process by improving observability and alerting, as well as assisting the incident response team.

• Self-manage and prioritize tasks effectively and independently.

• Assist with audits and first-party security questionnaires.

• Conduct and oversee security evaluations and threat modeling activities.

• Implement security measures within Kubernetes.

• Develop DevSecOps tools and integrations.

⛳️ Requirements

• Over 5 years of experience working within a team focused on infrastructure and/or security.

• More than 5 years of development experience, ideally in GoLang and TypeScript/JS.

• Familiarity with common web application vulnerabilities and the OWASP Top 10 framework.

• Ability to analyze and act on results from DAST and SAST tools (e.g., Tenable, Snyk).

• Proficient in DevSecOps principles and knowledgeable about CI/CD pipelines (GitHub Actions, Argo CD, Azure DevOps) for automated security testing.

• Experience in deploying and customizing security tools to mitigate threats and reduce risk, including vulnerability scanners, static analyzers, web application firewalls (WAFs), intrusion detection/prevention systems (IDS/IPS), and endpoint security monitoring.

• Solid understanding of cloud and network security, with a thorough knowledge of Kubernetes.

• Experience in GCP with familiarity in one or more of the following services: Security Command Center, GKE, Cloud IDS, Cloud Armor, and Secrets Manager.

• Experience in Azure with knowledge of one or more of the following services: Security Center, Azure PaaS App Services, VMs, Azure SQL, Front Door, and Key Vault.

• Proficient in writing infrastructure-as-code using tools such as Terraform, Pulumi, and Helm.

• Knowledge of common security-related frameworks and benchmarks such as CIS, NIST, and MITRE ATT&CK.

• Understanding of identity and access management (IAM) principles and cloud-native IAM solutions.

• Eager to learn continuously and share knowledge with colleagues.

• Bilingual in English and French.

🏝️ Benefits

• Comprehensive benefits plan fully funded by nesto, including extensive insurance and unlimited access to telemedicine and mental health services for you and your family.

• 4 weeks of vacation to help you maintain peak performance.

• Access to the necessary resources and technology to work efficiently.

• An environment designed for productivity and teamwork (Hybrid model).