M
Posted 8 hours ago
DevSecOps Engineer
Maxima
Requirements
4+ years DevSecOps experience, GCP security expertise, CI/CD hardening experience, Golang, TypeScript, or Python proficiency, Compliance knowledge (SOC 2, ISO 42001)
Skills
DevSecOpsGCPKubernetes
About the role
About the Company
At Maxima, we're eliminating the pain of enterprise accounting through powerful integrations, intuitive design, and AI-driven automation. Backed by leading Silicon Valley investors like Kleiner Perkins, our team is composed of top engineers from companies such as Google, Facebook, and Amazon.
Responsibilities
- Implement and manage DevSecOps practices across the entire SDLC using a "shift-left" approach
- Design and harden CI/CD pipelines using GitHub Actions and OIDC with Workload Identity Federation
- Integrate security checks including SAST, dependency scanning, and secret scanning
- Secure GCP cloud infrastructure via IAM least privilege, VPC firewalls, and Google Secret Manager
- Manage encryption and key rotation using Cloud KMS
- Oversee container and artifact hardening, including image scanning and signing with Cosign
- Monitor CI/CD pipelines and production environments using GCP and Datadog
- Maintain documentation for compliance frameworks including SOC 2, SOC 1, and ISO 42001
Requirements
- 4+ years of experience in DevSecOps or Security Engineering
- Bachelor’s degree in an engineering discipline
- Proven experience securing Google Cloud Platform (GCP) environments
- Strong experience hardening CI/CD systems like GitHub Actions
- Proficiency in Golang, TypeScript, or Python
- Familiarity with compliance standards such as SOC 2, PCI DSS, or ISO 42001
- Ability to thrive in a high-intensity startup environment
ScoutJobs Agent
Get matches like this delivered daily
Sign up free — we'll pull jobs that fit your CV from across the web and rank them for you.
Get started — it's freeDevSecOps Engineer
Maxima · Toronto
