
ProViso Consulting
Story Behind the Need:
• Business group: Enterprise Security Services, Policy-as-code – Write security policies for enforcing security across the organization; half of the team is in Colombia and half in Toronto
• Project: Contractor will work on codifying the policies for the Enterprise Policy Engine – Styra, to ensure a consistent and automated application security signoff – already initiated, expected to end after the 6-month period
Candidate Value Proposition:
• The successful candidate will have the opportunity to gain exposure to cloud tools and to collaborate with the DevOps team at a top 5 Canadian bank.
Typical Day in Role:
• Write Rego Policy-as-Code for application security scanning tools (SAST, DAST, SCA and MAST) to ensure that no critical or high vulnerabilities are deployed to production
• Write Rego Policy-as-Code for scanning Terraform and Cloud resources
• Write unit tests for these policies, and complete other QA activities to verify that the policies work and to ensure their quality
• Deploy security policies to the cloud using DevOps strategies and tools.
• Integrate policies with Styra policy engine
• Work with cloud security architecture and cloud operations internal teams
• Role is split into 1) the technical part: writing the Policy-as-Code and QA activities, and 2) supporting delivery of the product: giving updates and collaborating with the team
Candidate Requirements/Must Have Skills:
• 10+ years’ experience in related fields: Security Engineering, Cloud architecture, Security Operations, DevOps
• 3-5 years’ experience with IaC (Infrastructure As Code) tool Terraform
• 1-2 years’ experience with PaC (Policy As Code) tools Styra, Rego
• 3-5 years’ experience with DevOps tools and strategies, including VCS, IaC, and automated pipelines
• 3-5 years’ hands-on experience with Cloud platforms (Google Cloud, Azure, AWS – in order of preference)
Nice-To-Have Skills:
• Experience with programming languages (Python, Go, Rego)
• CI/CD tools experience
• CNAPP experience
• Experience from software delivery industry
• Agile experience
Soft Skills Required:
• Able to maintain updated and consistent documentation about workflows, test results, change tickets and PoC implementations that are relevant for the team to reference.
• Able to prepare status updates and socialize them with team members and stakeholders.
• Collaboration skills to work with stakeholders like Platform Engineering and Security Architecture to align on policy deployments.
• Proactively propose best practices to implement in our development and delivery lifecycles.
Education:
• Bachelor’s in technical field e.g. computer science, information security
• Cloud certifications and cloud security certifications are an asset
Best vs. Average Candidate:
• Ideal candidate has strong project experience on projects deploying IaC to the cloud, in security engineer, cloud architect or DevOps roles; best would be a DevOps background
Candidate Review & Selection:
• 2 rounds, with hiring manager and senior developer(s) in team, remote MS Teams.
• In some cases, a 3rd, in-person round may be needed.
• Hiring Manager’s availability to interview: ASAP