Staff Information Security Engineer (Cloud and Application Security) - Achievers Toronto Bookmark Share Print 185 0 0

Listing Description

The "Achievers Employee Experience Platform™" delivers high-frequency recognition that drives business outcomes for HR and business leaders, from decreased turnover to increased engagement. Designed specifically to meet the needs of today’s workforce, it empowers employees to recognize each other in real time and aligns them to the values and goals of the company. With more than 3 million users, the Employee Experience Platform inspires brilliant performance in 170 countries. Visit us at www.achievers.com to learn more and join us in our mission to Change the Way the World Works™.

As the Staff Information Security Engineer, this individual will be responsible for maintaining, maturing, and expanding Achievers cyber security program, while positioning the organization to be nimble and ready to respond to the ever-changing security landscape. The primary focus of the role is to maintain and implement new security automation tooling  in cloud environments and ensure a smooth developer and IT staff experience by creating secure-by-default guardrails for developer and IT operations self-service consumption. 

Responsibilities:
  • Direct and approve the design of the appsec and cloud infrastructure security program using DevSecOps methodologies 
  • Create and implement new security automation tooling within Achiever’s CI/CD pipeline 
  • Build security-relevant services, infrastructure, and secure-by-default libraries for self-service consumption by the development and IT operation teams 
  • Implement a shift-left strategy to provide early and useful security feedback to our developers and IT operations on their work 
  • Participate in incident response and provide support to security detection functions 
  • Lead developer and IT operations technical security training program 
  • Perform application and infrastructure threat modeling and architecture reviews 
  • Coordinate external pen testing program (ensuring environments setup, fixes deployed and tested)  
  • Triage security vulnerabilities from internal and external vulnerability scans and pen testing engagements 
  • Design and develop incident response automation workflows 
  • Develop automation cases for regression, assertion, and negative testing to find security issues at scale 
  • Communicate best practices and risks to all parts of the business, outside IT and development 
  • Provide training and mentoring to security team members 

    • Qualifications:
  • 5+ years of relevant cyber security experience 
  • 2+ years CI/CD pipeline experience 
  • 2+ years experience in developing and maintaining automation frameworks and integrating security testing 
  • 2+ years experience working with and deploying containers and microservices 
  • 2+ yrs experience with incident handling and automation 
  • 2+ yrs experience working with AWS, Azure, and/or GCP (GCP especially preferred) 
  • 2+ years of experience with Infrastructure as Code tools, such as Terraform 
  • 2+ years of experience in one of scripting languages (preferably Python) 
  • Strong Unix/Linux experience 
  • Strong understanding of security technologies 
  • Knowledge and experience with network, host and application security practices 
  • Experience in identifying and exploiting vulnerabilities in web applications, cloud environments, host configurations, and networks 
  • Knowledge of all bug classes & common vulnerabilities related to web applications and cloud infrastructure (ex. OWASP top 10) 
  • Excellent written and verbal communication skills 
  • Understanding of IT compliance and frameworks and regulatory standards (ISO 27001, CoBIT, ITIL, SOX, Trust Principles etc.) 
    • About Achievers:
     
    As Achievers employees, we are passionate about disruptive technology, welcome constant change, and understand the value of employee success in the workplace. We enjoy coming to work every day because we believe in our product and love our culture. Achievers is more than just a software company; we are industry leaders in the HR space. 

    We have been recognized in numerous publications for our contributions to HR, for technical excellence and for our outstanding workplace culture!


    Achievers does not offer employment to prospects without first ensuring that qualified candidates speak directly with the hiring manager and a member of our HR team. All qualification will be done face-to-face, whether that is in person or over Zoom. Achievers does not send out offers of employment without meeting candidates and does not offer employment via text. If you are requested for any personal information via text and/or without having met a member of our hiring team in person, please disregard.
     
    Our employees are a diverse and inclusive team of passionate, hardworking individuals. Achievers is committed to creating an environment where our employees can do the best work of  their lives. We encourage all qualified candidates to apply to join our A-Player family. Accommodations are available on request for candidates taking part in all aspects of the selection process. 

    Listing Details

    • Citizenship: Not Provided
    • Incentives: Not Provided

     

    • Education: Not Provided
    • Travel: Not Provided
    • Telework: Not Provided

    About Us

    NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

    Useful Links

    Our Contacts

    1765 Greensboro Station Pl.
    Suite 900
    Tysons Corner Va 22102

    (703) 594-7765

    requests@ninjajobs.org
    www.ninjajobs.org
    Chat with us!