Newton

DevOps Engineer - Canada Wide - Remote

Newton

19 days ago

## DevOps Engineer - Canada Wide - Remote **Location:** Toronto, Ontario **Department:** Engineering **Workplace Type:** Remote Say hello to Newton! We're changing how Canadians trade crypto. Our goal? To make financial freedom something everyone can achieve. We give our customers the tools and knowledge they need to navigate the crypto world. At Newton, you'll work with a remote team spread across Canada, but you'll never feel distant. Ready to be part of something meaningful? Join a team that’s all about pushing boundaries and getting things done. **Some of our values:** - **Customer first mindset** - Commitment to integrity and transparency to our users! - **A dynamic team fueled by collaboration** uniting our strengths to overcome any obstacles. Together we build success. We persevere, adapt, and come back stronger, turning obstacles into opportunities. - **We strive for continuous improvement** and embrace creativity and encourage experimentation. We push the boundaries of what’s possible and continuously explore new ideas, technologies, and solutions. ### Role Overview We are searching for a DevOps Engineer to improve how we build, deploy and run our systems. This role works across infrastructure, CI/CD, observability and operational tooling in an AWS-based environment spanning backend, frontend and internal services. ### Responsibilities will include: - Improve and maintain CI/CD, deployment workflows, and environment management across backend, web, and internal services - Build, maintain and scale infrastructure across AWS and container based services - Improve monitoring, alerting, logging, dashboards, tracing, and runbooks - Work with engineers on safer deploys, rollback plans, and recovery from failures - Automate repetitive operational work and improve internal tooling - Maintain and improve infrastructure as code and deployment tooling - Help improve failover planning, recovery procedures, and backup/restore testing for critical systems - Support production systems and take part in on-call for critical services - Manage and scale infrastructure across AWS, ECS, Docker, PostgreSQL, Redis, Celery, and Go/Python-based services - Lead incident response and postmortems, and drive follow-up actions to reduce repeat issues - Improve reliability, resilience, and operational readiness across critical systems ### Who you are: - Experience running production systems in AWS or a similar cloud environment - Experience with CI/CD and infrastructure automation - Strong understanding of AWS networking, including VPCs, subnets, route tables, security groups, load balancers, DNS and connectivity between services - Comfort with Linux, shell scripting, Python, and Go - Experience with Docker and ECS or Kubernetes - Experience with GitHub Actions, Pulumi, Terraform, or similar tooling - Experience with Datadog, Prometheus, Grafana, or similar observability tools - Good understanding of PostgreSQL, Redis, queues, async workers, and scheduled jobs - Familiarity with Cloudflare or similar edge, networking or traffic management tooling - A practical approach to automation, reliability and day to day operational work - Experience with on-call and incident response for business-critical systems - Strong troubleshooting skills across application, infrastructure, and data layers At Newton, we celebrate our inclusive work environment and welcome members of all backgrounds and perspectives to apply. We are committed to providing reasonable accommodations and will work with you to meet your needs. If you are a person with a disability and require assistance during the application process, please don’t hesitate to reach out! *We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.* **Apply for this job** When applying, mention the word **CANDYSHOP** to show you read the job post completely.

Security Lead - Canada Wide - Remote

Newton

60 days ago

## Security Lead - Canada Wide - Remote **Location:** Toronto, Ontario **Department:** Engineering **Workplace Type:** Remote Say hello to Newton! We're changing how Canadians trade crypto. Our goal? To make financial freedom something everyone can achieve. We give our customers the tools and knowledge they need to navigate the crypto world. At Newton, you'll work with a remote team spread across Canada, but you'll never feel distant. Ready to be part of something meaningful? Join a team that’s all about pushing boundaries and getting things done. ### Some of our values: - **Customer first mindset** - Commitment to integrity and transparency to our users! - **A dynamic team fueled by collaboration** uniting our strengths to overcome any obstacles. Together we build success. We persevere, adapt, and come back stronger, turning obstacles into opportunities. - **We strive for continuous improvement** and embrace creativity and encourage experimentation. We push the boundaries of what’s possible and continuously explore new ideas, technologies, and solutions. ### Role Overview We’re hiring a **Security Lead** to own and drive our security function end-to-end, combining strategic direction with hands-on technical authority. You will review, challenge, and strengthen our systems, act as the security authority within engineering, define guardrails, and drive remediation when risks arise. Operating independently, you’ll build the structure and standards needed as we scale. Your mission is to own the company wide security strategy and architecture, ensure CIRO and SOC 2 alignment, and embed strong security practices across infrastructure, applications, and internal systems, while enabling engineering velocity. ### Responsibilities will include: #### 1. Security Strategy & Risk Ownership - Define and maintain the company’s security roadmap - Maintain and actively manage a living risk register - Translate regulatory requirements into practical engineering controls - Prioritize remediation based on business and regulatory risk - Act as the internal security authority within engineering #### 2. Security Architecture & Infrastructure Review - Review infrastructure designs from a security perspective - Challenge architectural decisions that introduce risk - Define security guardrails for cloud infrastructure - Improve and harden existing IAM - Strengthen centralized logging and monitoring - Improve secrets management practices - Review Pulumi-based infrastructure changes with a security lens - Define security requirements for new services and infrastructure components #### 3. Application Security Ownership - Own the company’s application security posture - Define secure development standards - Introduce lightweight threat modeling practices - Oversee SAST/DAST and dependency scanning tooling - Ensure security is embedded throughout the SDLC - Partner with engineering teams to remediate vulnerabilities #### 4. Security Incident Response & Monitoring - Define and maintain the incident response framework - Establish clear escalation and communication processes - Ensure appropriate logging and monitoring coverage - Lead and coordinate security investigations when required - Track remediation actions following incidents - Continuously improve controls based on lessons learned #### 5. Penetration Testing & External Assessments - Own and coordinate external penetration tests - Scope engagements appropriately - Ensure remediation plans are defined and executed - Track findings to closure - Strengthen internal controls based on test results #### 6. Regulatory Alignment (CIRO + SOC 2) - Lead security readiness for CIRO requirements - Drive SOC 2 preparation and evidence collection - Maintain defensible documentation and policies - Ensure implemented controls withstand audit scrutiny - Partner with Engineering Directors to close compliance gaps #### 7. Third-Party & Vendor Risk Management - Define and manage third-party risk assessment processes - Evaluate the security posture of critical vendors - Assess the security impact of new tools before adoption - Define mitigation controls prior to integration - Maintain vendor risk documentation aligned with regulatory expectations #### 8. Endpoint & Internal Controls - Strengthen security controls on developer machines - Define secure onboarding and offboarding processes - Improve privileged access controls - Ensure internal security practices align with regulatory expectations ### Who you are: - Understand IAM and least privilege principles - Understand logging, monitoring, and alerting architecture - Be comfortable reviewing infrastructure-as-code (Pulumi) - Reason confidently about security architecture across infrastructure and application layers - Be willing to deepen your technical capabilities where needed - Have hands-on experience with SOC 2 or comparable audit processes - Have experience in a regulated environment (fintech, financial services, or similar), ideally CIRO-regulated - Have a strong understanding of risk management frameworks - Influence and challenge cloud architecture decisions when needed - Experience with AI tooling governance or AI-related security considerations is a strong plus At Newton, we celebrate our inclusive work environment and welcome members of all backgrounds and perspectives.