Senior DevSecOps Engineer (CANADA only)

This is a remote position.<\/p>

About Us<\/span><\/span><\/span><\/span>
<\/h2>

<\/div>

Berkeley Payment Solutions is a leading payment technology provider specializing in innovative solutions for businesses to manage and process payments seamlessly.<\/span><\/span><\/i><\/span><\/span>
<\/p>

Role Overview<\/span><\/span><\/span><\/span>
<\/h2>

<\/div>

Candidates must be located in Canada for this role.<\/span><\/span><\/i><\/b><\/span><\/span>
<\/p>

<\/div>

The Lead Security \/ DevSecOps Engineer will strengthen and maintain the company's security posture through secure development practices, infrastructure security controls, and DevSecOps principles. This hands\-on role bridges software engineering, operations, and cybersecurity—ensuring security is integrated across the entire development lifecycle. The role involves leading secure CI\/CD pipelines, cloud infrastructure hardening, automated threat detection, and compliance enforcement in direct collaboration with engineering, DevOps, and product teams.<\/span><\/span><\/i><\/span><\/span>
<\/p>

<\/div>

Our Technology Stack<\/span><\/span><\/span><\/span>
<\/h2>

<\/div>

Berkeley operates a cloud\-native, Kubernetes\-first platform on AWS. You will work directly with:<\/span><\/span><\/i><\/span><\/span>
<\/p>

<\/div>

• IaC:<\/span><\/span><\/i><\/b><\/span><\/span> Terraform 1.5+ (tf\-environments, tf\-shared\-modules with 29+ reusable modules)<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Compute & Orchestration<\/span><\/span><\/i><\/b><\/span><\/span>: Amazon EKS 1.28+, Karpenter v1.0.10+, Helm (25+ charts), Docker<\/span><\/span><\/i><\/span><\/span>
<\/p>

• GitOps & CI\/CD:<\/span><\/span><\/i><\/b><\/span><\/span> ArgoCD (App\-of\-Apps), GitHub Actions, AWS CodeBuild, ECR, OIDC IAM roles<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Networking & Edge:<\/span><\/span><\/i><\/b><\/span><\/span> Transit Gateway (hub\-and\-spoke), VPC multi\-account, CloudFront, HAProxy Ingress<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Security:<\/span><\/span><\/i><\/b><\/span><\/span> AWS WAF (JA3\/JA4, OWASP rules), GuardDuty (9 accounts), IAM Identity Center, JumpCloud SAML, Secrets Manager, External Secrets Operator<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Data & Storage: <\/span><\/span><\/i><\/b><\/span><\/span>Aurora Serverless v2 (PostgreSQL 14.17, MySQL 8.0), DynamoDB, ElastiCache Redis, S3<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Observability<\/span><\/span><\/i><\/b><\/span><\/span>: Prometheus, Grafana, Loki Distributed, Promtail, AlertManager, PagerDuty<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Data Workflows: <\/span><\/span><\/i><\/b><\/span><\/span>Argo Workflows, Spark Operator, Jupyter, 56+ scheduled jobs<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Applications:<\/span><\/span><\/i><\/b><\/span><\/span> Elixir\/Phoenix, Go, NestJS, React, RabbitMQ, SQS<\/span><\/span><\/i><\/span><\/span>
<\/p>

• AI Operations: <\/span><\/span><\/i><\/b><\/span><\/span>Claude Code for DevOps automation, IaC generation, and operational workflows<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Compliance:<\/span><\/span><\/i><\/b><\/span><\/span> PCI\-DSS, SOC 2 Type I\/II, GDPR<\/span><\/span><\/i><\/span><\/span>
<\/p>

• AWS Accounts: <\/span><\/span><\/i><\/b><\/span><\/span>Multi\-account strategy — Root, Dev, Staging, Production, CAMS Production<\/span><\/span><\/i><\/span><\/span>
<\/p>

<\/div><\/span>

Requirements<\/h3>

1. Security Engineering & DevSecOps Implementation<\/span><\/span><\/span><\/span>
<\/h3>

<\/div>

• Design and implement security controls across CI\/CD pipelines (GitHub Actions, CodeBuild), Terraform IaC, and deployment workflows (ArgoCD, Helm charts).<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Integrate automated security scanning (SAST, DAST, dependency scanning, container image scanning) into CI\/CD to detect vulnerabilities early.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Harden EKS\/Kubernetes, Docker, and AWS environments with best\-practice configurations, Karpenter node policies, and Kubernetes security policies.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Enforce least\-privilege access and secrets management via AWS Secrets Manager and External Secrets Operator across all environments.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Automate security and compliance tasks using Claude Code for IaC generation, infrastructure scripting, and security workflows.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Manage SSL\/TLS certificate renewals, CSP enforcement, and AWS WAF rules (JA3\/JA4 fingerprinting, OWASP rule sets) protecting CloudFront edge infrastructure.<\/span><\/span><\/i><\/span><\/span>
<\/p>

2. Real\-Time Security Monitoring & Incident Response<\/span><\/span><\/span><\/span>
<\/h3>

<\/div>

• Deploy and manage GuardDuty (9 accounts), Security Hub, and the Grafana\-Loki\-Prometheus stack to detect and respond to threats in real time.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Develop and execute incident response playbooks, coordinating alerts through AlertManager, PagerDuty, and Slack.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Configure alerting for unauthorized access, configuration drift, and anomalous behavior across the multi\-account AWS environment.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Analyze logs and telemetry from Grafana, Loki, Promtail, and Prometheus; monitor VPC Flow Logs, Transit Gateway traffic, and CloudFront access logs for anomalies.<\/span><\/span><\/i><\/span><\/span>
<\/p>

3. Governance, Risk, & Compliance (GRC)<\/span><\/span><\/span><\/span>
<\/h3>

<\/div>

• Lead compliance efforts for SOC 2 Type I\/II, PCI\-DSS, and GDPR, including automated enforcement and evidence collection within CI\/CD and Terraform.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Perform security risk assessments, gap analyses, and audits across all AWS accounts (Root, Dev, Staging, Production, CAMS).<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Collaborate with legal, compliance, and auditing stakeholders; conduct vendor and third\-party risk assessments.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Maintain centralized compliance documentation for frameworks, control implementations, and audit activities.<\/span><\/span><\/i><\/span><\/span>
<\/p>

4. Secure Architecture & Infrastructure Reviews<\/span><\/span><\/span><\/span>
<\/h3>

<\/div>

• Lead threat modeling and architecture reviews for services across Elixir\/Phoenix, Go, NestJS, and React stacks.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Define and enforce baseline security configurations (hardened AMIs, K8s security policies, Karpenter NodePool constraints, Security Groups).<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Conduct security reviews for Aurora Serverless v2 databases, message queues (RabbitMQ, SQS), and caching layers (ElastiCache Redis).<\/span><\/span><\/i><\/span><\/span>
<\/p>

5. Senior DevOps Engineering & Platform Reliability<\/span><\/span><\/span><\/span>
<\/h3>

<\/div>

• Manage scalable infrastructure on AWS via Terraform (29+ shared modules), ArgoCD, and EKS across dev\/stage\/prod accounts.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Build and maintain secure CI\/CD pipelines using GitHub Actions and CodeBuild with ECR image management.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Operate Kubernetes environments using Karpenter for intelligent node provisioning; oversee the Prometheus\-Grafana\-Loki\-Promtail observability stack.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Manage database infrastructure (Aurora Serverless v2, DynamoDB, ElastiCache), Transit Gateway networking, and CloudFront edge configurations.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Implement and monitor SLOs, SLAs, and error budgets in collaboration with product and engineering.<\/span><\/span><\/i><\/span><\/span>
<\/p>

6. AI\-Assisted DevOps & Automation<\/span><\/span><\/span><\/span>
<\/h3>

<\/div>

• Leverage Claude Code for Terraform module development, Helm chart authoring, Kubernetes troubleshooting, and security policy generation.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Use Claude Code to accelerate incident investigation, generate runbooks, and produce IaC patches.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Build Claude Code\-driven automation for certificate rotation, compliance checks, and environment provisioning.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Evaluate AI\-assisted tooling for the DevSecOps pipeline; mentor team members on effective Claude Code usage.<\/span><\/span><\/i><\/span><\/span>
<\/p>

7. Security Culture & Engineering Enablement<\/span><\/span><\/span><\/span>
<\/h3>

<\/div>

• Conduct security training tailored to engineers, product managers, and DevOps teams.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Embed a DevSecOps\-first mindset from ideation to deployment; facilitate post\-incident reviews and drive remediation.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Mentor team members on security practices, cloud infrastructure, Kubernetes operations, and observability.<\/span><\/span><\/i><\/span><\/span>
<\/p>

8. Documentation & Knowledge Sharing<\/span><\/span><\/span><\/span>
<\/h3>

• Maintain documentation for security standards, tooling, infrastructure configuration, and response procedures.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Build a security and DevOps knowledge base aligned with existing architecture documentation.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Track and report KPIs for system security, infrastructure reliability, and compliance maturity.<\/span><\/span><\/i><\/span><\/span>
<\/p>

Qualifications<\/span><\/span><\/span><\/span>
<\/h2>

Required<\/span><\/span><\/span><\/span>
<\/h3>

<\/div>

• 5+ years in DevOps, SRE, or Security Engineering with hands\-on cloud infrastructure experience.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Deep expertise with AWS (EKS, IAM, GuardDuty, WAF, Secrets Manager, Transit Gateway, CloudFront, Aurora, S3, DynamoDB, ElastiCache).<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Strong Kubernetes (EKS), Helm, ArgoCD, and container security experience.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Proficiency in Terraform IaC, including module development and multi\-environment management.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Experience building and securing CI\/CD pipelines with GitHub Actions and\/or CodeBuild.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Solid understanding of PCI\-DSS, SOC 2, and\/or GDPR compliance frameworks.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Experience with observability stacks (Prometheus, Grafana, Loki) and incident response tooling (PagerDuty, AlertManager).<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Strong scripting skills (Bash, Python, or Go).<\/span><\/span><\/i><\/span><\/span>
<\/p>

Preferred<\/span><\/span><\/span><\/span>
<\/h3>

<\/div>

• Experience with Karpenter, HAProxy Ingress, or External Secrets Operator in Kubernetes.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Experience securing Elixir\/Phoenix, Go, or NestJS application stacks.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Experience with Claude Code for infrastructure automation and operational scripting.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Hands\-on experience with Argo Workflows, Spark Operator, or data pipeline security.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Experience with JumpCloud or similar identity providers for SAML\/SSO.<\/span><\/span><\/i><\/span><\/span>
<\/p>

• Background in payment technology, financial services, or PCI\-compliant environments.<\/span><\/span><\/i><\/span><\/span>
<\/p>

<\/div><\/span>
<\/body> <\/html>"}}],"isMobile":true,"iframe":"true","jobType":"Full time","applyName":"Apply Now","zsoid":"682115927","isRemoteJob":true,"FontFamily":"Verdana, Geneva, sans\-serif","jobOtherDetails":[{"fieldLabel":"Industry","uitype":2,"value":"Financial Services"},{"fieldLabel":"Work Experience","uitype":2,"value":"5+ years"}],"headerName":"Senior DevSecOps Engineer (CANADA only)","widgetId":"510343000000072311","isJobBoard":"false","userId":"510343000000237009","attachArr":[],"customTemplate":"3","isCandidateLoginEnabled":true,"jobId":"510343000047921140","FontSize":"15","location":"","embedsource":"CareerSite","indeedCallBackUrl":"https:\/\/recruit.zoho.com\/recruit\/JBApplyAuth.do","logoId":"ex9qje37dfd0809b3460a9099904fc1dc1cd6"}