Build & Automate Security Guardrails: Design, build, and implement automated security controls directly within our CI/CD pipelines and Cloud Infrastructure. You will use an automated, repeatable approach to make security a seamless, default part of our development process and underlying cloud environments.
Evolve Threat Detection & Response: Implement and manage our security information and event management (SIEM) systems. You'll develop strategies for threat detection, evolve security incident response processes, and conduct security incident reviews to continuously improve our security posture.
Champion Application & Cloud Security: Partner with product engineering teams on practical threat modeling and risk reduction. You'll conduct security architecture reviews and provide expert guidance on securing our cloud-native applications, data and AI workloads, and Kubernetes environment on AWS.
Lead Security Awareness: Educate and empower your engineering colleagues by sharing your expertise on security best practices (e.g. OWASP Top 10), threat modelling frameworks, and by running security-focused initiatives.
Support your team: Participate in the DevSecOps on-call rotation across cloud infrastructure, Kubernetes, and CI/CD systems. You will apply your foundational expertise to diagnose, remediate, and prevent platform issues confidently and effectively.

Requirements

Proven Hands-On Experience: 5+ years in DevSecOps or Infrastructure/Platform/Cloud security roles, or experience in SRE, Cloud Infrastructure or DevOps roles with security as a primary focus.
Cloud & Container Orchestration: You are an expert in securing cloud environments (AWS preferred) and cloud-native applications running in Kubernetes. You have a solid understanding of Kubernetes and Cloud Infrastructure fundamentals, and are comfortable working hands-on across the platform for day-to-day operations.
Security as Code & Automation: A strong belief in automating everything. You have experience integrating SCA, SAST and DAST tools into software development workflows. You are proficient with Infrastructure as Code (Terraform or equivalent) and have experience working with at least one higher level language such as Python, Ruby or Go (Python preferred).
Security and Compliance Expertise: Practical experience working with and implementing controls for compliance frameworks such as SOC 2, ISO 27001, or PCI DSS. Strong understanding of security best-practices and the OWASP Top10.
Securing AI Integrated Systems: Familiarity with the attack vectors and security concerns associated with Agentic AI workflows and other AI product integrations is a plus.
A Builder's Mentality: You are passionate about building and scaling security programs, not just operating them. You thrive on the opportunity to create new systems, automate processes, and have a high degree of ownership.
Empathetic & Accountable: A collaborative, "low-ego" partner to development teams. You lead with empathy, believe that your team's success is your success, and take initiative in an autonomous environment.
Exceptional Communicator: You excel at explaining complex security concepts to both technical and non-technical audiences, fostering a shared sense of responsibility for security across the company.
Maintains a professional and current LinkedIn profile, ensuring it is updated upon joining Procurify to reflect their new role and maintain a consistent company presence.

Benefits

Flexible working: We’re a remote-first organization with flexible working hours. Work anywhere from within Canada!
Responsible time off: We trust our team to take the time they need to rest and recharge while staying accountable to their commitments.
Extended health benefits: We prioritize our team’s health and well-being. We offer a competitive health, vision, and dental package along with an Employee Assistance Program (EAP), and a health and wellness spending account.
Community initiatives: We have a strong commitment to the community. Join one of our regular community days, donate to our Donate Your Day program, and get involved with one of our lunch and learns.
Stock options: Everyone has a chance to own a part of Procurify with our competitive stock program.
DEI initiatives: We regularly run a diversity, equity, and inclusion roundtable where we host guest speakers and tackle the topics that matter.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

DevSecOpsInfrastructure securityCloud securityKubernetesAWSInfrastructure as CodeTerraformSCASASTDAST

Soft Skills

collaborationempathyaccountabilitycommunicationinitiativeownershipleadershipeducational skillsproblem-solvingadaptability

Certifications

SOC 2ISO 27001PCI DSS