Senior Security Engineer (Cloud and DevSecOps) - Jobs in Halifax

Job Description

TELUS Health and LifeWorks have recently come together to leverage the power of technology and our caring cultures to further progress our shared goal of building a healthier and friendlier future for all. As a global-leading health and well-being provider - encompassing physical, mental and financial health - TELUS Health is improving health outcomes for consumers, patients, healthcare professionals, employers and employees.Join our team!We live in and work in a rapidly evolving digital world where cyber security is critical. Protecting information and ensuring the reliability of network and services is paramount. The TELUS Health CSO team strives to always be steps ahead, tackling the toughest cyber security challenges head-on with top talent and cutting-edge technology.The TELUS Health CSO team is committed to providing excellence in securing our internal and customers #39; data and systems, ensuring world-class reliability of security networks and systems, and improving our overall cyber security posture. We manage our cyber risks and provide industry leading cyber governance, assurance and oversight to secure our data globally.We partner with industry leaders to meet the cyber security needs of both TELUS Health and our customers to meet the demands of an increasingly complex and ever-changing cyber security landscape. We are passionate about learning and growing as individuals and as a team, all of which enables us to thrive in a dynamic, fast-paced environment.Here #39;s the impact you #39;ll make and what we #39;ll accomplish together.Do you enjoy working on high-scale, complex, and high visibility projects and programs If yes, consider the following opportunity:You #39;ll join the TELUS Health CSO team as a Senior Security Engineer This role is responsible for defining and integrating security into all aspects of product development and cloud adoption and operation. You will be responsible for evangelizing, educating, designing and integrating security.Your role will be critical to ensure TELUS Health is able to safely adopt and exploit the opportunities provided by cloud services and agile product development. You will need to ensure the right balance of centrally mandated CSO controls and policies, with controls integrated into local pipelines and practices, ensuring an effective level of visibility, governance, prevention, detection, response and recovery is in place to manage cyber risk and meet our client and regulatory obligations.Summary of DutiesThe role will support the manager of DevSecOps within TELUS Health CSO in leading the engineering of security within the product pipelines, representing CSO.This role will also provide leadership within the product teams for security related issues and managing tasks interfacing with other teams within CSO on areas such as client presentations, security audits as well as choosing and working with security tools. The individual will also be involved in promoting security awareness, disaster recovery planning, testing and corporate security policy maintenance and enforcement as well as threat and risk assessments.Responsibilities:

• Provides leadership in technology development and supports activities including business requirements definition, design, quality assurance, implementation and technical support
• Manages delivery of assigned tasks using project management discipline
• Works independently with minimal supervision
• Participates in SDLC and technology integration projects using security technology tools and techniques
• Sets high standards for own work and ensure high quality outcomes are achieved
• Prepares project estimates and schedules of project activities as required
• Sets realistic and achievable expectations for deliverables
• Ensures effective work habits including punctuality, responsiveness and accessibility to others
• Coaches and mentors more junior staff members within the IT Group as required
• Provides timely feedback to team members on matters related to technology development and team interaction
• Works effectively as a member of the TELUS Health CSO
• Promotes team work and collegiality in the work environment
• Observes the corporate values of TELUS Health
• Promotes TELUS Health as the service provider of choice in the industry
• Attends internal training sessions to build knowledge of industry topics and trends
• Assists incident response and remediation, special projects and other tasks, as required
• Understanding of regional privacy requirements (GDPR, Australians, Chinese, US, Canadian Privacy Laws)
• Managing an enterprise SIEM solution
• Able to manage a vulnerability assessment platform (web application and infrastructure) and supplement with penetration testing.
• Writing scripts in least one scripting language (Python, Powershell, Linux command line etc) for discovery and auditing purposes

Working as a partner to the product teams and TELUS Health Cloud programme, this role will drive the adoption of secure Cloud and application security within the pipelines and processes of the product.

• Cloud Security:
• Apply security into the Cloud control plane spanning IaaS, PaaS and SaaS services, ensuring our Cloud exposure and posture is visible, under governance and a secure baseline is in place
• Define and deliver security capabilities into the data plane, ensuring our workloads, containers, serverless and use of Cloud services has the preventative, detective and response capabilities need in order to prevent, detect and respond to cyber attacks effectively
• Extend CSO services through appropriate integration into Cloud environments, ensuring a full view of vulnerabilities spanning Cloud configuration to workload vulnerabilities exists, and ensuring monitoring, triage and incident response activities encompass products operating in the Cloud
• Deliver reporting, assessments and metrics of Cloud security posture, ensuring appropriate prioritisation of exposures by risk and threat
• Ensure Cloud teams have the right level of security expertise to operate their aspects of the security operating model
• Define and implement tooling to support secure operation of the Cloud including validation of InfrastructureAsCode, container security, API security, serverless security, secrets management, CWPP, CSPM etc.
• Define repeatable patterns for Cloud design and integrate these into Cloud and product teams such as VPC design, Internet access and identity integration to deliver consistent security across standardised models
• Work with the SecOps team to define response playbooks for Cloud incidents, and seek out automation for common events to ensure sustainable T1/T2 operation
• Work with the SecOps team to define the runbooks for Cloud security tooling operated by the CSO team, ensuring sustainable security operation in the Cloud
• DevSecOps:
• Work across product teams to integrate security into the SDLC / CICD pipeline through consideration of security at each step. Extension of security into the design, developer environment (IDE), software composition analysis. static assessment and dynamic assessment as part of the local CICD pipeline
• Drive consistency of control and solution across the tooling applied within each product team. Whilst a single solution will not always be desirable, seek out consolidation where possible and ensure all solutions have consistent levels of security
• Identify, justify and promote the use of shared security services or patterns (e.g. Web Application Firewalls) that can deliver consistent security protection without impeding local product agility or effectiveness
• Ensure product development teams have the right level of security expertise to operate their aspects of the security operating model
• Work with the SecOps team to define response playbooks for application security incidents, and seek out automation for common events to ensure sustainable T1/T2 operation
• Work with the SecOps team to define the runbooks for application security tooling operated by the CSO team, ensuring sustainable security operation across TH #39;s portfolio of applications

What you bring

• University degree or equivalent industry experience
• Strong communication, presentation, and relationship skills, especially the ability to articulate technical topics
• Knowledge of security and industry standards (e.g., ISO, NIST, ITIL, etc)
• CISSP, CCSP, CRISC or similar Cloud certification are preferred.
• Practical Cloud security experience with appropriate certification spanning GCP and either AWS or Azure
• Experience working on enterprise Cloud services deployments (SaaS, PaaS, IaaS) and understand security challenges involved in Cloud migration, adoption and operation
• Experience deploying and migrating to/from private Cloud environments
• Experience with virtual machine management, container orchestration, API management and secure use of serverless technologies
• Knowledge of application security, software development with security concepts and integration into the development pipelines.
• Experience across SCA, SAST and DAST
• Integration experience across pipelines and orchestration tools such as Jenkins, source repositories (e.g. GitHub, bitBucket etc), Integrated Development Environments, and testing tools
• Experienced with agile delivery teams and environment
• Experienced working in a DevOps / SRE operation
• Experience with application security capabilities including Web Application Firewalls, DDoS mitigation, Bot prevention, and associated threat management controls
• Familiarity with pipelines, automation and scripting
• Performed threat modeling and design reviews assessing security implications and requirements introducing new technologies
• Performed security design/architecture reviews, code reviews, and penetration tests of large applications, systems and/or networks

Nice to haves

• Professional security certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), and others
• Industry-recognized certifications would be an asset. (i.e., OCSP, GICSP, CISSP, CISM, and CISA)
• Experience within a regulated business environment
• An insatiable appetite for modern and emerging technologies and tools

#LI-CL2Where permitted by law, company employees must be fully immunized to access a TELUS Health or LifeWorks office or customer premises.Persons with disabilities who need accommodation in the application process or those needing job postings in an alternative format may e-mail a request to talentacquisitiononboarding@lifeworks.com.By applying to this role, you understand and agree that your information will be shared with the TELUS Group of Companies #39; Talent Acquisition team(s) and/or any leader(s) who will be part of the selection process.