Senior Cloud Security Engineer (Canada - Remote)

The Role

League’s security engineering teams are responsible for scaling security in the development lifecycle and managing security incident management. We believe in security by design and follow a paved road philosophy by building or buying tools that we can integrate into our platform to level-up our security posture. Security is everyone’s responsibility, but security engineering is how we make it possible for engineers to ship high quality code to production several times per day with security baked in.

We are accepting applicants who have existing software engineering experience and want to explore security and applicants who may have done a security program in a post-secondary institution. There are people across the engineering organization who are ready to help grow technical skills and who want to learn more about security.

In this role, you will:

• Team Coordination: Collaborate with the broader security engineering team to discuss ongoing projects, share updates, and troubleshoot any issues that arise. This includes coordinating efforts with colleagues specializing in different areas of security, such as application, infrastructure, and cloud
• Security Consultation: Meet with software engineers to provide guidance on securely implementing security measures in their projects. This could involve discussions on implementing zero-trust principles, designing secure service mesh architectures, or addressing specific security concerns
• Cloud Infrastructure Automation: Work on automating the deployment and configuration of security measures within League's public cloud environment. This includes leveraging infrastructure-as-code (IaC) principles to define and manage resources, streamline processes, and ensure consistent security across cloud projects
• Security Maturity Assessment: Conduct regular assessments of League's overall security maturity. Identify areas for improvement, propose solutions, and track progress over time
• Cloud Security Management: Review and adjust the configuration of cloud security tools, including Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), and others, to ensure they are effectively monitoring League's cloud environments for threats, misconfigurations, and compliance violations
• Container and Kubernetes Security: Implement and maintain security measures for containerized workloads and Kubernetes environments. This includes container hardening, runtime security monitoring, and ensuring secure Kubernetes configurations and access controls
• Documentation and Knowledge Sharing: Document findings, recommendations, and security best practices for future reference, with a focus on public cloud-specific security considerations. Share this knowledge with the development team and contribute to League's knowledge base to continuously improve security awareness
• Continuous Learning: Dedicate time to staying informed about the latest security threats, vulnerabilities, and industry trends, with a particular emphasis on public cloud security best practices and emerging technologies. This involves reading security blogs, attending webinars, participating in training sessions, and pursuing relevant certifications
• Incident Response: Assist in the investigation and remediation of security incidents to minimize their impact on League's systems and data, particularly those occurring within the public cloud environment
• Mentorship: Share expertise with less experienced engineers on the team, particularly in areas like public cloud security, zero-trust, service mesh, container security, and Kubernetes security, fostering a culture of continuous learning and growth within League's security organization.

 About You:

• Bachelor of Science degree (BS) in Computer Science (or a related field)
• Good knowledge of common system and application vulnerabilities and countermeasures
• Direct and recent working experience with at least two of the following compliance programs: ISO 27001, SOC 2, HIPAA or HITRUST
• You have exposure to application or cloud security and secure coding best practices
• You understand how web and mobile applications are built
• You are able to write code in Python or similar higher level languages
• Preferred certifications: CISSP, CCSP, OSCP
• Experience with GCP and AWS security best practices
• Experience with cloud security tools including CSPM, CWPP, and DLP
• Experience with container and VM hardening

Security-Related Responsibilities

• Compliance with Information Security Policies
• Compliance with League’s secure coding practice
• Responsibility and accountability for executing League's policies and procedures
• Notification of HR, Legal, Compliance & Security of any incidents, breaches or policy violations