Application Security Engineer - DevSecOps

at  Global Spatial Technology Solutions

WHAT WE DO

Global Spatial Technology Solutions (GSTS) is a Global Maritime Intelligence company delivering solutions to enhance decision making across the maritime and logistics industry. Our platform, OCIANA, is designed to save lives, energy and the environment on a global scale using innovative data collection and analysis techniques.
GSTS is building up a team to support the continued development and commercialization of this capability that will have a major impact on maritime risk and vessel efficiency on a global scale. We seek individuals with drive, initiative, and motivation to join our team and make the world a safer, greener place for all. Read more at: www.gsts.ca

EXPERIENCE & QUALIFICATIONS

• At least three (3) years of experience with AWS Cloud services, including VPC, Guard Duty, Security Hub, Control Tower, ECS (Fargate), ECR, RDS, IAM, CloudWatch (Logging, Metrics, Alarms)
• Experience in security scanning as a function of CI/CD: SAST, DAST, License auditing
• Experience in developing Continuous Integration / Continuous Delivery pipelines
• Experience in shell scripting (Bash or sh)
• Strong hands-on knowledge of AWS CloudFormation
• Clear understanding of networking technologies including Routing, Load Balancers, Firewalls, WAF, CDNs and DNS
• Proficient in scripting Git/GitLab workflows
• Experience working with containerization tools including Docker and Elastic container service
• Excellent spoken and written communication skills

ADDITIONAL SKILLS AN ASSET

• Experience with other cloud platforms: Azure, GCP
• Experience managing Machine Learning / AI deployments
• Experience in Agile / scrum environments
• Penetration testing experience
• Security practitioner certification
• Valid security clearance held

THE ROLE

As Application Security Engineer – DevSecOps, you will be a core member of the GSTS Operations team, jointly responsible for leading the ongoing security, maintenance and development of cloud infrastructure and deployment automation. You will be part of a team that manages platform security as a key priority, involving configuration management activities for the core software products of GSTS. The role requires the capability to automate security and audit activities in relation to code deployment, cloud provisioning, and maintenance actions. You will also manage monitoring and alerting infrastructure that measures the health and security of deployed products. As Application Security Engineer - DevSecOps, you will be key in achieving deployments and infrastructure that meets security and compliance objectives. Your ability to influence policies, document processes, and perform knowledge sharing will be crucial to the role, allowing you to effectively communicate notions of security and identify necessary controls to mitigate risks.

KEY RESPONSIBILITIES

As a member of the GSTS team, Application Security Engineer - DevSecOps will:

• Implement security practices on AWS cloud configurations, and product development and deployment pipelines
• Maintain security testing infrastructure, including CI/CD jobs and ongoing monitoring software configurations
• Participate and host Security Team activities, including simulated incidents and auditing
• Configure and secure network infrastructure to support safe software product delivery
• Support the broader team in developing secure images to underpin containerized deploys
• Participate in Agile rituals throughout the execution of work
• Develop clear and concise documentation of their work, through team interactions in issues/tickets and in contribution to project and audit reporting.