Staff DevSecOps Engineer (Product Security)

Visier is the leader in people analytics and we believe in a 'people-first' approach to business strategy. Our innovative technology transforms the way that organisations make decisions, allowing them to elevate their employees and drive better business outcomes.  Embarking on an exciting new chapter in our growth story, we are looking for talented individuals who can help both Visier and our customers grow, evolve and win!

Visier is seeking a Staff DevSecOps Engineer to join the Product Security team, responsible for making security a differentiating feature of the Visier platform. In this role, you’ll collaborate with stakeholders across Visier to protect critical assets in our multi-cloud production environment. You’ll contribute by building core infrastructure security components, advancing threat detection capabilities and ensuring compliance with key security frameworks. Additionally, you’ll offer insights into best practices, techniques, and technologies to enhance security, helping to develop and refine defenses against evolving threats and skilled threat actors.

What you'll be doing...

• Leading the implementation of core infrastructure security projects in a diverse array of areas, including authentication and authorization, cloud security posture management, vulnerability management and network security
• Participating in architecture and design reviews, playing a key role in hands-on implementation of security solutions for systems and applications
• Discovering flaws in systems and applications, guiding remediation, and providing guidance to prevent regressions
• Informing and building upon our strong data loss prevention strategy
• Hardening infrastructure to meet industry standard benchmarks such as CIS
• Building and maintaining threat detection rules across multiple intrusion prevention and detection systems, and a centralized SIEM
• Reviewing security-related events, assessing severity, criticality and priority
• Informing good decision-making using a variety of techniques including red teaming methodologies, threat modeling, and acting as an advisor for industry best practices in secure software development lifecycles
• Performing application and infrastructure vulnerability and penetration tests using external & internal tools as well as manual and scenario-based security testing
• Embracing a philosophy of continuous learning, keeping current with industry best practices, tools and strategies; documenting knowledge and educating fellow Vizzies on security and secure coding practices

What you'll bring to the table...

• Experience in roles encompassing product and infrastructure security
• Strong understanding of industry best practices and hands-on experience with application security in a SaaS vendor environment
• Expertise in AWS and/or Azure cloud infrastructure security
• Experience working with Infrastructure as Code (IaC), preferably with Terraform and CloudFormation
• Solid experience with Identity and Access Management (IAM), implementing the principle of least privilege
• Experience building threat detection rules on a SIEM platform, preferably Splunk Enterprise Security
• Experience with vulnerability management, detection and response
• Strong analytical skills with excellent attention to detail as well as ability to make connections across and between different areas
• Excellent written, verbal and interpersonal skills
• Ability to work independently and manage multiple task assignments
• Ability to work quickly to meet deadlines in a fast-paced company
• Knowledge and hands-on experience with networking and Linux security is an asset
• Coding skills - the ability to read and write code is an asset

Most importantly, you share our values...

• You roll up your sleeves
• You make it easy
• You are proud
• You never stop learning
• You play to win

The base pay range for this position in Canada is $130k - 162k / year + bonus

The compensation offered will be determined by factors such as relevant qualifications, experience, knowledge and skills. Many of our positions are eligible for additional types of compensation (e.g., commission plans, bonus, etc.) which our Talent Acquisition team will share with you if you interview for the role.

See the #VisierLife in action

Instagram - @visierlife

Linkedin - https://www.linkedin.com/company/visier-analytics/

Visier Candidate Privacy Notice and Recruiter Policy