Our mission is to provide a positive, empowering, and transparent property financing experience that is simple from start to finish. Our team consists of skilled technology experts, caring mortgage specialists, and a diverse marketing team, all working together to lead change in the mortgage industry.
At nesto, we're proud of:
- Our clients love our positive, empowering, and transparent mortgage financing experience.
- Our 4.5-star Google reviews speak for themselves!
- We won the 2023 & 2024 CLA Lender of the Year award, recognizing our excellence in lending services.
- We are a B Corp certified organization, highlighting our dedication to making a positive impact on our society and our planet.
- Our highly skilled, diverse, and collaborative team makes everything possible!
- Our Mortgage Cloud platform gives financial institutions full access to nesto’s proprietary technology, powering a better client experience, from start to finish.
About the team
We're a fast-paced, interdisciplinary team working on multiple tech projects simultaneously. Our team is diverse and works on different products and nesto experiences that are all interconnected.
We are looking for a Cloud Security Developer to join our dynamic team. In this role, you will play a critical role in designing, implementing, and maintaining cloud security solutions to protect our cloud-based systems and applications. You will work closely with our development and operations teams to ensure the security and integrity of our cloud infrastructure.
We celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences.
What you'll be doing
- Implement and maintain robust security controls to protect our cloud infrastructure and applications.
- Discover, remediate, and validate security issues across cloud infrastructure.
- Perform architectural/design reviews through a security lens and provide timely, actionable requirements and recommendations.
- Collaborate with security leadership, compliance, and engineering teams to execute security strategies.
- Build, deploy, and manage security tools such as WAF, IDS/IPS, workload protection, GCP Command Center, and Azure Security Center.
- Propose and contribute to security and compliance improvements for nesto CI/CD pipelines and deployment processes.
- Automate infrastructure provisioning and deployment processes using Infrastructure as Code (IaC) tools like Terraform or Pulumi.
- Design and operate scalable processes to provision cloud access and maintain least privilege.
- Participate in and support the incident detection and response process by enhancing observability and alerting and assisting the incident response team.
- Self-organize and prioritize activities independently.
- Support audits and first-party security questionnaires.
- Conduct and oversee security assessments and threat modeling exercises.
- Implement security controls within Kubernetes.
- Build DevSecOps tools/integrations.
Who we're looking for
- 5+ years of experience working on a team focused on infrastructure and/or security.
- 5+ years of development experience (ideally GoLang, TypeScript/JS).
- Knowledge of common web application vulnerabilities and the OWASP Top 10 framework.
- The ability to analyze and act on results from DAST and SAST tools (e.g., Tenable, Snyk).
- Skilled in DevSecOps principles and familiarity with CI/CD pipelines (GitHub Actions, Argo CD, Azure DevOps) to perform automated security testing.
- Experience deploying and customizing security tools to address threats and lower risk, including vulnerability scanners, static analyzers, web application firewalls (WAFs), intrusion detection/prevention systems (IDS/IPS), and endpoint security monitoring.
- A comprehensive grasp of cloud and network security, including an in-depth understanding of Kubernetes.
- Experience in GCP specifically with one or more of the following services: Security Command Center, GKE, Cloud IDS, Cloud Armor, and Secrets Manager.
- Experience in Azure specifically with one or more of the following services: Security Center, Azure PaaS App Services, VMs, Azure SQL, Front Door, and Key Vault.
- Experience writing infrastructure-as-code using tooling such as Terraform, Pulumi, and Helm.
- Knowledge of common security-related frameworks and benchmarks like CIS, NIST, and MITRE ATT&CK.
- An understanding of identity and access management (IAM) principles and cloud-native IAM solutions.
- Passionate about constant learning and sharing knowledge with others.
- Bilingual (English & French).
We definitely want to talk to you if you have/are
- Experience managing security posture by collating, digesting, and monitoring outputs from tooling.
- Experience working with infrastructure-as-code using tooling such as Terraform, Pulumi, and Helm.
- Skilled in DevSecOps principles and familiar with CI/CD (GitHub Actions and Argo CD) pipelines to perform automated security testing.
The Reward
- The A-Team: Work alongside high-performing talent in the industry.
- Accelerated Growth: The slope of your learning curve here will be vertical. You will touch more production systems in one year than you would in five years at a bank.
- Top-Tier Coverage: Premium benefits plan fully paid by nesto, including comprehensive insurance and unlimited access to telemedicine and mental health services for you and your family.
- Rest & Recharge: 4 weeks of vacation to ensure you stay at peak performance.
- Best-in-Class Tools: Access to the resources and tech you need to execute without friction.
- Working framework: The environment that makes you productive and enables teamwork (Hybrid model).
Diversity and Inclusion
At nesto, we believe that creativity and collaboration are the result of a diverse team. We are committed to fostering a culture of diversity, equity, inclusion, and belonging, and we strongly encourage women, people of color, LGBTQIA+ individuals, and individuals with disabilities to apply. We are committed to creating a workplace that is inclusive and welcoming to all.
