Senior Security Engineer

What Makes You a Great Fit:

We are looking for an experienced Senior Security Engineer to join our growing Security Engineering team! 

Can you assess and interpret data better than those around you? Are you a thought leader? Are you a great team player and love being part of a vibrant, intelligent team? If this sounds like you, come join us at Pebl.

The general core working hours will be 10am-4pm PST. This role is fully remote for candidates living in British Columbia and Ontario. You will report to the Senior Manager, Security Engineering.

How You'll Make an Impact:

As a senior security engineer at Pebl, you will be a hands-on engineer, responsible for ensuring the security, efficiency, and continuous innovation of our platform to support our engineering teams. You're responsible to ensure applications adhering required standards, regulations and compliance requirements (eg. GDPR / HIPPA / OWASP)

• Create the use of modern, cloud-first, security-first design patterns and integrate these with existing systems.
• Naturally accountable and responsible.
• Experience bringing security solutions to production and operate them in cloud environments.
• Partner with developers, technology leaders, and external partners to address security risks.
• Collaborate with our teams to design and implement security best practices across the development lifecycle.
• Support security projects related to DevOps, SRE, and cloud security architectures.
• Research and recommend new security tools and methodologies to improve testing capabilities.
• Demonstrated ability to coordinate incident response in mission critical systems.
• Maintain security incident tracking tools, capturing all necessary data and documenting findings.
• Be a technical advisor on Application Security best practices, focusing on security, performance, and cost optimization for projects and teams.
• Help to embed security best practices within the automation process, creating a robust and secure cloud environment.
• Diagnose and troubleshoot technical issues, perform root cause analysis, and escalate complex issues.
• Monitor and optimize application performance and service quality, ensuring quick issue resolution.
• Communicate updates to project leads and escalate issues when needed

Let's Connect If You:

• Have 5+ years of experience in DevSecOps, cloud-based provisioning, CI/CD pipeline management, monitoring, and troubleshooting.
• 5+ years of hands-on experience with public cloud providers
• Experience with multiple coding and scripting languages such as Python, TypeScript.
• Strong experience of using modern containerization software including Docker, Kubernetes and serverless technologies.
• Strong knowledge of DevSecOps automation, such as Terraform, Github, and Gitlab.
• Experience with web and network security (eg. OWASP Top 10)
• Excellent problem-solving and analytical skills, with experience interpreting and acting on data.
• Proficiency in evaluating and mitigating the risks associated with application vulnerabilities is important, encompassing the capability to prioritize findings from static code analysis, dependency scanning, API scanning, secret detection, and web application scanning.
• Understanding of SOC2 Type 2, ISO, GDPR, and CCPA standards and their certification and audit processes.
• Demonstrated ability to communicate technical concepts to varied audiences concisely.
• Experience with data and reporting processes to support DevSecOps KPIs and metrics.
• Demonstrated expertise in strategic thinking, strong business acumen, and a highly creative problem solver.
• Experience with CI/CD security best practices and DevSecOps methodologies.
• Reside in the province of British Columbia or Ontario

Nice to have qualities:

• Experience with automation tools such as Cloud Formation and Terraform.
• Familiarity with AWS IAM, API Security, Container Security, and Cloud Security.
• Knowledge of observability tooling (eg. Datadog, Prometheus).
• Experience with cloud services at scale (VPC, IAM, RBAC, etc.).
• Project Management experience.