What’s in it for you as an employee of QFG?

• Health & wellbeing resources and programs
  
  

• Paid vacation, personal, and sick days for work-life balance
  
  

• Competitive compensation and benefits packages
  
  

• Work-life balance
  
  

• Career growth and development opportunities
  
  

• Opportunities to contribute to community causes
  
  

• Work with diverse team members in an inclusive and collaborative environment
  
  

We’re looking for our next Security Engineer. Could It Be You?

We are looking for an experienced Security Engineer to join our DevSecOps team. You will be a key contributor, responsible for owning, maintaining, and enhancing the security tools and pipelines that secure our software development lifecycle. This role requires solid technical knowledge of cloud and container security, a knack for automation, and the ability to work independently to deliver high-quality security solutions.

Need more details? Keep reading…

• Tool and Automation Ownership: Take full ownership of a specific AppSec tool, such as a vulnerability management system or a secrets scanner, ensuring its maintenance, upgrades, and reliability.

• Pipeline Security: Write and maintain reliable automation scripts to integrate and manage security tasks within CI/CD pipelines.

• Troubleshooting and Enhancement: Troubleshoot and resolve issues with security tools and automation. Make engineering decisions to improve the reliability and efficiency of these tools within your scope of ownership.

• Collaboration and Communication: Independently explain tool configurations and vulnerability details to engineering teams. Collaborate effectively with cloud infrastructure and development teams to maintain and enhance pipeline security.

• Security Best Practices: Stay abreast of security trends, including new challenges from AI models and large language models (LLMs), and identify ways to enhance the security of our application stack.
  
  

So are YOU our next Security Engineer? You are if you have…

• Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or a related technical field.

• 2-4 years of experience in security engineering, with a focus on DevSecOps or Application Security.

• Solid knowledge of cloud infrastructure, container security (including Kubernetes), and DevSecOps tools.

• Proven ability to deliver reliable automation scripts and tool configurations for complex pipelines with minimal supervision.

• Proficiency in scripting languages like Python or Bash for automating security tasks.

• Experience with security tools such as SAST, DAST, SCA, and secrets scanners.

• Knowledge of AI and agentic coding tools and their security implications, especially concerning code quality and security vulnerabilities.

• Excellent communication skills with the ability to independently explain technical concepts to different teams.

• A passion for taking ownership of assigned tasks and ensuring timely, high-quality delivery.
  

Brownie points if you have…

• Experience with security orchestration and automation platforms (e.g., Terraform, Ansible).

• Experience with security frameworks like NIST Cybersecurity Framework, NIST SSDF, ISO 27001, or SOC 2.

• Experience with securing the software supply chain, including the use of AI-generated code.

• Relevant security certifications (e.g., CompTIA Security+, GCP Professional Cloud Security Engineer, other cloud provider equivalents, or certifications demonstrating expertise in container and Kubernetes security and DevSecOps).
  
  

Sounds like you? Click below to apply! #LI-Hybrid #LI-MM1