Principal Security Engineer

Brazil Req #3049
Tuesday, November 12, 2024
Questrade Financial Group (QFG) of Companies is committed to helping our customers become much more financially successful and secure.
 
We are everything a traditional financial institution is not. At QFG, you will be constantly moving forward, bringing the future of fintech into existence. You will be a part of a collaborative team that cares deeply about our mission and each other. Your team members will help you conquer challenges, push boundaries and discover what you are truly capable of.
 
This is a place where you can explore, discover and learn with continuous growth. As a diverse and inclusive place to work, there are flexible working arrangements so you can unleash your creativity and curiosity with no limits. If you share the same sense of infinite possibility, come shape your future at Questrade.

What’s it like working as a Principal Security Engineer at Questrade?

We are seeking a highly skilled and experienced Principal Security Engineer to join our Cybersecurity Engineering DevOps team. The ideal candidate will be a seasoned security professional with a deep understanding of DevSecOps principles and a proven track record of implementing and managing secure cloud environments. You will play a pivotal role in shaping our security posture, driving automation, and ensuring the secure development and deployment of our software solutions.

Need more details? Keep reading…

In this role, responsibilities include but are not limited to:

  • Champion DevSecOps capabilities and enhancements:
    • Support the implementation, automation, and configuration of DevSecOps tools and processes.
    • Design and write code to harden security within our cloud infrastructure environment (up to 80% of your time).

  • Lead the implementation of Cloud and Container Security automation:

    • Collaborate with Cloud Infrastructure Engineers to implement and co-develop Security-as-Code solutions.

    • Participate and enhance the Secure Software Development Lifecycle (SSDLC) process in collaboration with Cloud Software Engineers.

    • Define and automate security controls through policy-based solutions.

  • Drive security best practices and innovation:

    • Anticipate potential security threats, identify vulnerabilities, and propose innovative solutions to eliminate them.

    • Stay abreast of emerging security trends, technologies, and best practices.

  • Collaborate and mentor:

    • Collaborate effectively with cross-functional teams (development, infrastructure, security) and stakeholders.

    • Mentor junior security engineers, fostering knowledge sharing and professional growth.

So are YOU our next Principal Security Engineer? You are if you…

  • Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or a related field.
  • 7+ years of experience in security engineering, with a strong focus on DevSecOps.
  • Proven experience implementing and managing DevSecOps practices in a cloud environment (preferably GCP, AWS experience also valuable).
  • Experience with security tools like SAST, DAST, SCA, and vulnerability scanners.
  • Proficiency in scripting languages like Python or Bash for automating security tasks and integrating security tools into CI/CD pipelines.
  • Strong understanding of cloud infrastructure concepts, including networking, storage, compute, and security services.
  • Hands-on experience with container security, including container image scanning, and securing Kubernetes deployments.
  • Excellent communication and collaboration skills, with the ability to effectively work with cross-functional teams and stakeholders.
  • Passion for staying up-to-date with the latest security trends, technologies, and best practices.

Additional kudos if you…

  • Experience with security orchestration and automation platforms (e.g., Ansible, Terraform, CloudFormation).
  • Experience with security frameworks like NIST Cybersecurity Framework, NIST SSDF,  ISO 27001, or SOC 2.
  • Relevant security certifications (e.g., CISSP, AWS Certified Security - Specialty, GCP Professional Cloud Security Engineer).
  • Experience with incident response and security investigations.

Sounds like you? Click below to apply! #LI-CP1

At Questrade Financial Group of Companies, with multiple office locations around the world, we are committed to fostering a diverse, inclusive and accessible work environment. This is an environment where individuals are treated with dignity and respect. Here, the unique skills and experience you bring will be valued. You will be supported and motivated, so that you can harness your unlimited potential. Our team reflects the diversity of the communities we serve and operate in. Having a collaborative and diverse team helps us push boundaries to bring the future of fintech into existence—not only for the benefit of our customers, but for those who build their career with us. 
 
Candidates selected for an interview will be contacted directly. If you require accommodation during the recruitment/selection process, please let us know and we will work with you to meet your needs.

Other details

  • Pay Type Salary
Apply Now
Location on Google Maps
  • Brazil