Vaughan, Ontario, Canada
1 day ago
Security Operations Engineer
The Security Operations Engineer will be responsible for strengthening
Application Security (AppSec) and Cloud Security within GFL, working daily with
code security, cloud security controls, and DevSecOps tools. The senior engineer will provide technical leadership to junior team members and deliver security reporting to management.

As part of the GFL IT Operations team, you will be heavily involved in
securing cloud-hosted applications, hardening cloud environments, and implementing DevSecOps best practices while ensuring legacy products maintain compliance with security standards.



 

Key Responsibilities:

Develop & Maintain AppSec & Cloud Security Policies – Implement security policies, standards, and best practices for application security (SAST/DAST) and AWS cloud environments.

Conduct Application & Cloud Security Assessments – Perform secure code reviews, vulnerability assessments, and threat modeling for cloud-based applications.

Secure CI/CD Pipelines & DevSecOps – Integrate security into CI/CD workflows, ensuring automated scanning (Snyk, AWS Security Hub) and enforcement of secure coding practices.

Cloud Security Hardening – Apply security best practices for AWS services (IAM, VPC, encryption, security groups, logging, and monitoring).

Implement Zero Trust & Access Controls – Enforce least privilege access, cloud security policies, and container security controls (Kubernetes, Docker, EKS).

Collaborate with IT & DevOps Teams – Work with developers and cloud engineers to embed security controls in cloud-based applications and infrastructure.

Review Cloud & Application Architecture – Ensure security best practices in container security, data security, API security, and operational security architectures.

Security Monitoring & Incident Response – Monitor cloud security logs, detect vulnerabilities, and investigate security incidents using AWS-native security tools.

Ensure Compliance & Risk Management – Align AppSec and CloudSec controls with NIST, PCI, HIPAA, SOC 2, and ISO 27001 regulatory standards.

Stay Ahead of Security Threats – Research emerging AppSec & CloudSec vulnerabilities, enhance security tooling, and recommend security improvements.

The culture:
GFL is committed to providing everyone with the opportunity to thrive. This means:

Our working arrangements can be flexible to accommodate your priorities

We have a training budget so you can keep your continuous personal development up to date

Volunteering options available to engage with the wider community

A respectful and considerate workspace, working alongside colleagues from across the wider business

Recognition for a job well done and not just the superhuman push at the end

Requirements:

Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience.

At least 5 years of experience in cloud security with a strong focus on securing AWS environments and cloud-native applications.

3+ years of relevant experience in Application Security (AppSec) and Public Cloud Security (AWS, IaaS, PaaS, SaaS), securing workloads, APIs, and containers.

Skilled in Secure Software Development Life Cycle (SDLC), including secure coding, threat modeling, security testing, and CI/CD security integration.

Familiarity with Infrastructure as Code (IaC) and Cloud Security Posture Management (CSPM) for securing AWS cloud environments using Terraform, Ansible, or AWS-native tools.

Hands-on experience in Cloud Security Architecture, including container security (EKS, Docker, Kubernetes), microservices security, API security (OAuth, JWT), and WAF implementations (AWS WAF, Cloudflare).

Expertise in Application Security tools such as SAST (Snyk, Checkmarx), DAST (Burp Suite, OWASP ZAP), and dependency scanning tools to identify and remediate vulnerabilities in codebases.

Knowledge of cybersecurity concepts, including secure authentication (MFA, SSO, OAuth), encryption, identity federation, and boundary defense in cloud environments.

Experience with security monitoring and incident response, including SIEM (Splunk, Sentinel, Dynatrace), intrusion detection/prevention systems, and AWS Security Hub for threat detection.

Familiarity with Cloud IAM & Access Controls, including AWS IAM, secrets management, privileged access management (PAM), and role-based access controls (RBAC).

Knowledge of compliance frameworks (NIST, PCI-DSS, HIPAA, SOC 2, ISO 27001) and how they impact cloud security and application security implementations.

Skilled in communicating security risks to developers, IT teams, and leadership while making timely, risk-based security decisions.

Strong analytical, problem-solving, and troubleshooting skills, with the ability to assess and remediate cloud misconfigurations, application vulnerabilities, and security control gaps.

Experience with DevSecOps and CI/CD security, integrating security controls within Azure DevOps, GitHub, Jenkins, and Terraform pipelines.

Relevant certifications, such as AWS Security Specialty, CCSP, CISSP, CCSK, GIAC Cloud Security, or OSWE, are a plus.



 

We thank you for your interest. Only those selected for an interview will be contacted.

GFL is committed to equal opportunity for all, without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, age, veteran status, disability, genetic information, or any other protected characteristic. If you are interested in applying for employment and need special assistance or an accommodation to apply for a posted position, please contact myworkdayrecruitment@gflenv.com
