DevSecOps Lead

Job Overview

Own the security and compliance program including SOC2 and GDPR, while hands-on configuring and operating security tools and automation. Collaborate with IT, DevOps, Engineering, and Legal to implement scalable, secure solutions in cloud environments.

Responsibilities

• Own and manage the security and compliance program (SOC2, GDPR)
• Ensure policies, controls, and audit readiness through continuous monitoring and tooling (e.g., Drata)
• Configure, manage, and optimize security tools (e.g., Microsoft Sentinel, Defender, cloud security services)
• Oversee and improve cloud and infrastructure security across Azure and AWS
• Manage vulnerability processes, including scanning, prioritization, and remediation tracking
• Define and support security monitoring, alerting, and incident response processes
• Lead vendor security due diligence and third-party risk assessments
• Support customer security questionnaires and trust initiatives
• Design and implement automation (scripts, workflows, integrations) to streamline security and compliance processes
• Collaborate with DevOps on advanced integrations and support solution design, testing, and deployment

Qualifications

• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience
• 5+ years in security, compliance, or related roles
• Strong hands-on experience with cloud environments (Azure and/or AWS)
• Experience configuring and operating security tools (e.g., SIEM, endpoint security, cloud security platforms)
• Experience with SOC2 and/or GDPR programs
• Ability to develop basic to moderate scripts (e.g., PowerShell, Python) and automation workflows
• Strong understanding of cybersecurity principles (IAM, network security, monitoring, vulnerability management)
• Strong communication skills and ability to work cross-functionally
• Bilingualism (French and English) required, with proficiency in English essential