Senior AWS DevSecOps Engineer-Canada

Job title: Senior AWS DevSecOps Engineer-Canada

Company: Zortech Solutions

Job description: Role: Senior AWS DevSecOps EngineerLocation: Canada (Remote)Duration: 6+ MonthsJob Description:Responsibilities:Please look for a senior resource with 10+ years of experience who have also worked as DevSec Engineer.SecOps Infrastructure Setup: Plan, design, and implement a secure and resilient AWS infrastructure to support a global multi-tenant environment, incorporating security best practices from the initial design phase.Automation of Security Processes: Utilize AWS tools like CloudFormation, Elastic Beanstalk and AWS Lambda to automate security controls and compliance checks throughout the infrastructure setup and management processes.Secure Application Deployment: Implement secure deployment pipelines and practices to deploy, manage, and monitor applications on AWS infrastructure, ensuring security is integrated into every stage of the deployment lifecycle.Continuous Monitoring and Incident Response: Establish comprehensive monitoring and logging solutions using tools like CloudWatch and CloudTrail to detect and respond to security incidents in real-time. Develop and implement incident response procedures for swift identification, containment, eradication, and recovery from security threats.SecOps Microservices Management: Utilize AWS services such as AWS Lambda, AWS Fargate, and Amazon ECS to manage and orchestrate microservices-based applications securely, focusing on secure communication and data protection.Additional Duties:Security Compliance and Regulations: Stay informed about the latest security compliance regulations and ensure that systems and processes align with industry standards, integrating security compliance checks into the CI/CD pipeline.Vulnerability Management and Threat Intelligence: Prioritize and remediate vulnerabilities in a timely manner, leveraging threat intelligence to proactively identify and respond to potential security threats. Implement vulnerability scanning tools and processes for continuous security assessments.Secure Development Practices: Integrate security into the software development lifecycle, conducting secure code reviews, implementing security testing tools, and promoting a security-first mindset among development teams.Network Security and Identity Management: Secure network infrastructure to prevent unauthorized access, implement secure IAM policies to control access, and ensure least privilege access for users and applications.Encryption and Data Protection: Implement encryption mechanisms to protect data at rest and in transit, focusing on secure key management and data encryption best practices in cloud environments like Azure and AWS.Disaster Recovery and Business Continuity Planning: Develop and implement disaster recovery strategies, including backups, failover systems, and recovery plans to ensure business continuity in the event of security incidents or disasters.Soft Skills Required:Effective Communication: Strong communication skills are essential for collaborating with cross-functional teams, conveying security requirements effectively, and facilitating incident response communication.Problem-Solving and Critical Thinking: The ability to analyze complex security issues, identify root causes, and develop innovative solutions to security challenges is crucial in a SecOps environment.Adaptability and Resilience: Given the dynamic nature of security threats, being adaptable and resilient in responding to evolving security incidents and operational changes is key.Collaboration and Teamwork: Working collaboratively with security, operations, and development teams to implement security measures, conduct security reviews, and address security incidents collectively.Time Management and Prioritization: Prioritizing security tasks, managing time effectively during incident response, and balancing security requirements with operational needs.Empathy and Stakeholder Engagement: Understanding the perspectives of different stakeholders, including users, developers, and security teams, to build consensus and promote a security-aware culture.Decision-Making and Risk Assessment: Making informed decisions based on risk assessments, security best practices, and business impact analysis to mitigate security risks effectively.Conflict Resolution and Negotiation: Resolving conflicts related to security priorities, negotiating security requirements with stakeholders, and fostering a collaborative security culture.Creativity and Innovation: Thinking creatively to develop novel security solutions, implement innovative security practices, and adapt to emerging security threats.Emotional Intelligence and Relationship Building: Building strong relationships with team members, stakeholders, and external partners to foster trust, collaboration, and effective security communication.Technical Writing and Documentation: Documenting security procedures, incident response plans, and security configurations effectively to ensure clear communication and knowledge sharing.Hard Skills Required:Security Automation Tools: Demonstrate proficiency in using AWS serverless technologies like AWS Security Hub to automate security controls, compliance checks, and incident response processes, ensuring streamlined security operations and rapid response to security incidents.Security Information and Event Management (SIEM): Experience with various tools such as AWS Security Hub and AWS Cloudtrail for centralized security monitoring, log analysis, and threat detection and integration with third party SIEM solutions.Penetration Testing and Vulnerability Assessment: Knowledge of conducting penetration tests, vulnerability assessments, and security audits to identify and remediate security vulnerabilities effectively.Security Orchestration and Response (SOAR): Familiarity with SOAR platforms for orchestrating security incident response workflows, automating security tasks, and improving response efficiency.Threat Intelligence Platforms: Understanding of threat intelligence platforms to gather, analyze, and act on threat intelligence data for proactive security measures.Secure Coding Practices: Knowledge of secure coding practices, secure software development methodologies, and secure deployment pipelines to ensure secure application development and deployment.Security Certifications: Relevant security certifications such as CISSP, CISM, CEH, or AWS Certified Security Specialty to demonstrate expertise in security best practices and compliance standards.Cloud Security: Expertise in cloud security principles, secure cloud architecture design, and cloud security controls for AWS, Azure, or Google Cloud environments.Incident Response Planning: Experience in developing incident response plans, conducting tabletop exercises, and leading incident response teams during security incidents.Security Compliance Frameworks: Understanding of security compliance frameworks such as NIST, ISO 27001, or SOC 2, and experience aligning security practices with regulatory requirements.Secure Network Design: Knowledge of secure network design principles, network segmentation, firewall configurations, and secure communication protocols to protect network infrastructure.Load Balancing and Scaling (ALB, ASG)Personal Qualities:Passionate about process automationPursues optimizations, improvements, or changesSelf-starter; able to self-manage workload and work autonomously

Expected salary:

Location: Toronto, ON

Job date: Fri, 02 Aug 2024 22:09:04 GMT

Apply for the job now!