Staff Security Engineer

About The Position

Requirements

• Problem-Solving: Ability to bring standardization to inconsistent internal practices and transition to industry best practices.
• Communication: Strong communication skills essential for partnering with engineering teams.
• Commitment: Demonstrated commitment to teamwork, professionalism, and authenticity, fostering trust and accountability.
• Grit: Understanding that establishing security best practices is a marathon requiring persistence across many stakeholders.
• Overall Experience: Minimum of 10+ years of overall experience, with at least 5+ years dedicated to Application Security.
• Development Practices: Deep, hands-on experience in Secure by Design development practices, including guiding Secure Architecture and System Design.
• Cloud Proficiency: Extensive experience securing production systems in Cloud environments (e.g., AWS, Azure, GCP).
• Coding Proficiency: Ability to build maintainable components in Go or Python.
• CI/CD Fundamentals: Hands-on experience with jenkins/cloud pipelines/ circleci (bonus points for experience with reusable workflows).
• Cloud & Infrastructure: Experience working with containerization (e.g., Docker, OCI), Terraform, and Kubernetes (K8s).
• Tooling: Proven ability to build, select, and implement application security tools, and integrate them into CI/CD pipelines.
• Education: Bachelor's degree in Computer Science or equivalent practical experience.

Responsibilities

• Policy Definition: Define, document, and champion processes and practices for a secure Software Development Life Cycle (SDLC).
• Security Culture: Be a driving force in establishing a strong security culture within platform engineering teams.
• Proactive Security: Lead Threat Modeling as a core principle for the Secure by Design strategy.
• Secure Design Reviews: Conduct Secure Code and Architecture Design Reviews, including threat modeling and technology/risk-based assessments.
• Automation: Automate application security testing and controls, integrating them directly into the CI/CD pipelines.
• Tooling: Responsible for the deployment, operation, and tuning of security tools (SAST, DAST, IAST, and CSPM), with a focus on platforms like CodeQL and Wiz.io.
• Vulnerability Management: Partner with engineering to effectively prioritize and remediate identified vulnerabilities.
• Supply Chain & Testing: Manage tools for Software Composition Analysis (SCA) to ensure supply chain security. Coordinate internal and external Penetration Testing activities with the Security Operations team.

Benefits

• Industry competitive compensation and equity plan
• Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
• Full medical coverage (Extended health care, dental, vision)
• Top-of-line equipment
• In-office workspace (Vancouver, BC Canada)
• Monthly allowance for wellness, reading and access to LinkedIn Learning for continued development
• Events and activities both team-based and company wide that inspire, educate and cultivate