DevSecOps Engineer

About Us

Let’s go on an adventure together!  

Hey there, we’re G Adventures. We’re one of the world’s leading small group travel companies, and we’ve always believed that travel isn’t just about where you go — it’s about how it changes you.

For the last 35 years, we’ve set out to do things differently. No cookie-cutter tours. No giant buses or cruise ships. And not to mention, as few selfie sticks as possible. Just real humans, travelling your heart out across the world with open minds and a non-stop desire to make our planet better, simply by exploring it. 

At G Adventures, our DNA (or GNA, if you will) is built on belonging — where bringing your authentic self to work every day isn’t just accepted, it’s downright celebrated. For our office crew — you wanna rock a t-shirt with your dog’s face on it? We say go for it. For our Chief Experience Officers —  you wanna hit the road and call some of the most epic places on Earth your home office? We love that — and we’ve got you. Wanna spend your days with people you genuinely like? Us too — and we’re pretty sure you’ll fit right in, wherever that is. 

Now about that career of yours — this is the kind of place where you can spread your wings and truly grow into your role. The best part? You get to do it all alongside a passionate, freakishly talented, one-of-a-kind bunch excited to produce top-notch work and spread a ridiculous amount of goodness at the same time. 

Feel like this could be the right fit? We think so too, and we’re already way too excited to meet you.

Secure Development & Automation

• Architect and implement robust security controls and processes across the entire software development lifecycle (SDLC), collaborating with development, operations and security teams to ensure security is embedded at every stage.

• Design, implement and maintain security practices within CI/CD pipelines by integrating and automating tools such as SAST, DAST and SCA to provide continuous, automated feedback and early detection of vulnerabilities.

• Deploy, configure, and maintain security infrastructure, including Web Application Firewalls (WAFs), Intrusion Detection/Prevention Systems (IDS/IPS) and SIEM platforms to proactively monitor and defend against threats.

• Develop and manage automated scripts and tools to streamline security operations and improve efficiency.

• Conduct regular and ad-hoc vulnerability assessments, penetration testing and security code reviews to identify and remediate weaknesses in applications and infrastructure.

Infrastructure Security & Vulnerability Management

• Strengthen the security posture of infrastructure by implementing Infrastructure as Code (IaC) security measures using Terraform.

• Manage and enforce policies for cloud security, container security, and runtime security across platforms like Kubernetes, Amazon ECS, and Docker.

• Secure systems against cyber threats through detailed analysis of security events, incident response, vulnerability management, risk assessment, and policy development.

• Perform continuous monitoring, vulnerability scanning, and formal network/system assessments, documenting findings and corrective actions.

• Regularly assess and harden system configurations to align with industry best practices and frameworks.

• Collaborate with teams to remediate vulnerabilities and manage timely patch deployments.

• Ensure compliance with standards such as SOC 2, ISO 27001, and PCI DSS by aligning DevSecOps practices with organizational requirements.

• Participate in security audits and generate evidence to support regulatory and customer compliance needs.

Collaboration & Incident Response

• Serve as a security evangelist, collaborating closely with software development, IT operations and product teams to embed a "security-first" mindset and promote secure coding practices from the project's inception.

• Work cross-functionally with other teams to implement secure systems and respond to cyber threats.

• Develop and monitor automated detection mechanisms to monitor for security threats and incidents.

• Work with the Information Security team to develop and tune SIEM playbooks and scripts for incident response.

• Participate in the security on-call rotation, blue-team exercises, and tabletop simulations to test organizational readiness.

• Design and deliver comprehensive security training and workshops to educate engineering teams on emerging threats and security best practices.

• Contribute to the continuous improvement of the DevSecOps strategy by staying current with industry trends, new technologies, and evolving threat landscapes.

• Bachelor’s degree in Computer Science, Cybersecurity, or related field (or equivalent experience).

• 3+ years of experience in DevOps, security engineering or software development with a focus on security.

• Deep expertise in cloud security principles, with hands-on experience across AWS, Azure and other cloud providers, including IAM, security groups, KMS, GuardDuty, Security Hub and related services.

• In-depth knowledge of cloud architecture and design, with experience securing serverless environments (e.g., AWS Lambda, Azure Functions) and implementing Zero Trust architectures.

• 3+ years experience with Infrastructure as Code (IaC) tools such as Terraform and Ansible, including applying IaC security best practices.

• Strong experience with containerization and orchestration technologies (Docker, Kubernetes, Amazon ECS), including security best practices for containerized workloads and runtime environments.

• 3+ years of hands-on experience with CI/CD tools (Jenkins, GitLab CI/CD, CircleCI, Azure DevOps, GitHub Actions).

• Proven ability to integrate security tools into CI/CD workflows for automated vulnerability scanning and compliance enforcement.

• Strong scripting and automation skills using Python, Bash, PowerShell, Go, or Java.

• Hands-on experience with modern security tools (e.g., Snyk, Wiz, Orca, OWASP ZAP, SonarQube, Checkmarx) and cybersecurity platforms (e.g., EDR, WAF, SIEM, SAML/SSO, IAM, intrusion prevention/detection, data protection).

• Familiarity with logging and monitoring tools (e.g., DataDog, Splunk, ELK Stack, SumoLogic, Prometheus, Grafana).

• Solid knowledge of network security fundamentals (firewalls, VPNs, IDS/IPS, common attack vectors, and mitigations).

• Strong understanding of threat modeling and risk assessment methodologies.

• Familiarity with security frameworks and compliance standards: OWASP, MITRE ATT&CK, NIST, CIS, SOC 2, ISO 27001, PCI DSS.

• Experience participating in Red Team/Blue Team exercises, penetration testing, and ethical hacking.

• Strong problem-solving skills with high attention to detail.

• Excellent communication and interpersonal abilities, capable of explaining complex security concepts to both technical and non-technical audiences.

Additional Information

• Base Salary Hiring Range: $75,000.00 - $90,000.00 CAD annually

• Eligible for an annual performance-based bonus
   

Final salary offered will fall within the posted salary range and will vary based on the candidate’s skills, experience and qualifications

Note:

• This is a recruitment posting for an existing vacancy.
   

What Do We Offer You?

• Competitive Total Rewards Package, including exclusive travel perks!

• Additional days off, including on your birthday!

• Vacation time for you to recharge

• Enhanced Parental Leave

• Meaningful Employee Recognition Program

• Learning and Growth Opportunities

• Employee Resource Groups

*Applicable based on location*

Please note that Artificial Intelligence (AI) is used in the selection or interview process.

G Adventures is an equal opportunity employer committed to fostering a diverse and inclusive work environment. We consider all qualified applicants.