Cloud Security Developer

Location: Remote (Canada)

Department: Corporatif - Sécurité / Corporate - Security

About the Company

Our mission is to provide a positive, empowering, and transparent property financing experience that is simple from start to finish. Our team consists of skilled technology experts, caring mortgage specialists, and a diverse marketing team, all working together to lead change in the mortgage industry.

At nesto, we're proud of 

• Our clients love our positive, empowering, and transparent mortgage financing experience.
• Our 4.5-star Google reviews speak for themselves!
• We won the 2023 & 2024 CLA Lender of the Year award, recognizing our excellence in lending services.
• We are a B Corp certified organization, highlighting our dedication to making a positive impact on our society and our planet.
• Our highly skilled, diverse, and collaborative team, makes everything possible!
• Our Mortgage Cloud platform gives financial institutions full access to nesto’s proprietary technology, powering a better client experience, from start to finish.

About the team

We're a fast-paced, interdisciplinary team working on multiple tech projects simultaneously. Our team is diverse and works on different products and nesto experiences that are all interconnected. 

We are looking for a Cloud Security Developer to join our dynamic team. In this role, you will play a critical role in designing, implementing, and maintaining cloud security solutions to protect our cloud-based systems and applications. You will work closely with our development and operations teams to ensure the security and integrity of our cloud infrastructure.

We celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences.

What you'll be doing

• Implement and maintain robust security controls to protect our cloud infrastructure and applications.
• Discover, remediate, and validate security issues across cloud infrastructure.
• Perform architectural/design reviews through a security lens and provide timely, actionable requirements and recommendations.
• Collaborate with security leadership, compliance, and engineering teams to execute security strategies.
• Build, deploy, and manage security tools such as WAF, IDS/IPS, workload protection, GCP Command Center, and Azure Security Center, etc.
• Propose and contribute to security and compliance improvements for nesto CI/CD pipelines and deployment processes.
• Automate infrastructure provisioning and deployment processes using Infrastructure as Code (IaC) tools like Terraform or Pulumi.
• Design and operate scalable processes to provision cloud access and maintain least privilege.
• Participate in and support the incident detection and response process by enhancing observability and alerting and assisting the incident response team.
• Self-organize and prioritize activities independently.
• Support audits and first-party security questionnaires.
• Conduct and oversee security assessments and threat modeling exercises.
• Implement security controls within Kubernetes.
• Build DevSecOps tools/integrations.

Who we're looking for

• 5+ years of experience working on a team focused on infrastructure and/or security.
• 5+ years of development experience (ideally GoLang, TypeScript/JS).
• Knowledge of common web application vulnerabilities and the OWASP Top 10 framework.
• The ability to analyze and act on results from DAST and SAST tools (e.g., Tenable, Snyk).
• Skilled in DevSecOps principles and familiarity with CI/CD pipelines (GitHub Actions, Argo CD, Azure DevOps) to perform automated security testing.
• Experience deploying and customizing security tools to address threats and lower risk, including vulnerability scanners, static analyzers, web application firewalls (WAFs), intrusion detection/prevention systems (IDS/IPS), and endpoint security monitoring.
• A comprehensive grasp of cloud and network security, including an in-depth understanding of Kubernetes.
• Experience in GCP specifically with one or more of the following services: Security Command Center, GKE, Cloud IDS, Cloud Armor, and Secrets Manager.
• Experience in Azure specifically with one or more of the following services: Security Center, Azure PaaS App Services, VMs, Azure SQL, Front Door, and Key Vault.
• Experience writing infrastructure-as-code using tooling such as Terraform, Pulumi, and Helm.
• Knowledge of common security-related frameworks and benchmarks like CIS, NIST, and MITRE ATT&CK.
• An understanding of identity and access management (IAM) principles and cloud-native IAM solutions.
• Passionate about constant learning and sharing knowledge with others.
• Bilingual (English & French).

We definitely want to talk to you if you have/are

• Experience managing security posture by collating, digesting, and monitoring outputs from tooling.
• Experience working with infrastructure-as-code using tooling such as Terraform, Pulumi, and Helm.
• Skilled in DevSecOps principles and familiar with CI/CD (Github Action and Argo CD) pipelines to perform automated security testing

The Reward

• The A-Team: Work alongside high-performing talent in the industry.
• Accelerated Growth: The slope of your learning curve here will be vertical. You will touch more production systems in one year than you would in five years at a bank.
• Top-Tier Coverage: Premium benefits plan fully paid by nesto, including comprehensive insurance and unlimited access to telemedicine and mental health services for you and your family.
• Rest & Recharge: 4 weeks of vacation to ensure you stay at peak performance.
• Best-in-Class Tools: Access to the resources and tech you need to execute without friction.
• Working framework: The environment that makes you productive and enables teamwork (Hybrid model).

Diversity and Inclusion

At nesto, we believe that creativity and collaboration are the result of a diverse team. We are committed to fostering a culture of diversity, equity, inclusion, and belonging, and we strongly encourage women, people of color, LGBTQIA+ individuals, and individuals with disabilities to apply. We are committed to creating a workplace that is inclusive and welcoming to all.