DevSecOps Specialist

Our Story: It's no surprise that our story is a little unconventional. After all, Papa Murphy's brought an entirely new approach to the pizza industry. But our unique idea is a simple one. We focus on using quality ingredients, prepared fresh daily, to offer our guests everyday meal solutions to take 'n' bake at home with ease. That commitment to quality and creativity extends beyond just our delicious and craveable products. At Papa Murphy's it is our mission to create a culture of collaboration, accountability, and inclusion. Because we know that what makes us great isn't just what we make, it's what we make together.

Reporting to the Vice President of Cyber Security & IT Compliance, the DevSecOps Specialist will play a pivotal role in securing MTY's expansive digital ecosystem and emerging technology initiatives. This position requires close collaboration with cross-functional teams to ensure security is embedded into every phase of the software development lifecycle (SDLC). Key responsibilities include areas such as API security, web application security testing, and Infrastructure-as-Code (IaC).

This position is being recruited through the Papa Murphy's International subsidiary of MTY Food Group, a publicly traded company listed on the Toronto Stock Exchange ("MTY"). MTY's family of 80+ restaurant brands include mainstays such as Cold Stone Creamery, Famous Dave's, and Papa Murphy's.

Key Responsibilities

*Foster strong relationships with stakeholders across the organization, including Web Operations, Marketing, Data & Analytics, and IT Infrastructure teams.

*Work closely with stakeholders to promote secure coding practices and champion DevSecOps culture.

*Identify and prioritize security misconfigurations and vulnerabilities using a risk-based approach.

*Conduct and automate security testing for web applications (including those built on WordPress), with a focus on OWASP Top 10 vulnerabilities and secure API design principles.

*Design and execute automated security tests for RESTful APIs; collaborate with development teams on remediation strategies.

*Maintain secure CI/CD pipelines in Github with integrated SAST and DAST tools.

*Design and implement secure cloud architectures and controls in Azure and AWS, ensuring adherence to industry standards and regulatory requirements.

*Build and manage secure IaC using Terraform; conduct code reviews and validate security controls are properly implemented.

*Provide security guidance and support for platforms such as Databricks, WordPress, and functional testing tools such as Postman.

*Develop scripts and tooling in Python to automate security operations, testing, and monitoring.

What you bring to the table:

Required Qualifications

*3+ years of experience in a DevSecOps, Cloud Security, or Application Security role.

*Excellent communication, collaboration, and stakeholder management abilities.

*Ability to prioritize security vulnerabilities to effectively manage cyber risk.

*Proven understanding of DAST, SAST, vulnerability scanning, and remediation workflows.

*Strong hands-on experience with GitHub, Terraform, Azure, AWS, and Python.

*Familiarity with WordPress security hardening and plugin management.

*Solid knowledge of security frameworks such as OWASP, NIST, and CIS Benchmarks.

*Experience integrating security tools into DevOps workflows.

*Practical experience with API testing using tools like Postman.

*Knowledge of container security and orchestration tools (e.g., Docker, Kubernetes).

 

Preferred Qualifications

*Bilingual (English and French) proficiency.

*Experience in a global or multinational business environment.

*Relevant security certifications (CISSP, CCSP, AWS Certified, Microsoft Certified, etc.)

 

What we bring to the table:

*Salary range: $120,000-$130,000. Actual offer may vary from posted hiring range based on location, work experience, and/or education.

*Competitive insurance benefits including medical, dental, vision, HSA, and FSA (dependent care/medical)

*Company paid life, accidental death & dismemberment, and long-term disability insurance

*Optional supplemental life, accidental death & dismemberment, and short-term disability insurance

*401(k) retirement account with employer match and immediate vesting

*Paid time off accrual account (starts at 10 days per year, with an additional day added annually up to 20 days)

*40 hours of accrued Paid Sick and Safe Time annually

*10 paid holidays per year, plus an additional 2 floating holidays

*8 Hours of Papa Cares Volunteer Hours per year

*Paid Parental Bonding Leave

*Tuition Assistance

*Employee Assistance Program

*50% pizza discount at Papa Murphy's Company Stores

Please Note:

The intent of this job description is to provide a representation of the types of duties and responsibilities that will be required in this position and shall not be construed as a declaration of the total of the specific duties and responsibilities of any particular position. Employees may be directed to perform job-related tasks other than those specifically presented in this description.

 

Papa Murphy's International, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.