Senior Security Engineer focusing on security infrastructure for RubyGems, Bundler, and RubyGems.org at Ruby Central. Improve supply chain security while collaborating with a passionate open source community.
Responsibilities
Participate in planning and execution for a security roadmap to sustainably improve the supply chain security of the Ruby package management ecosystem
Formalize existing security practices, and help Ruby projects become more proactive with regard to security improvements
Establish new processes and features that make it easier to prevent, detect, and respond to security risks, so that the community can identify and address security issues more easily and sustainably going forward
Contribute to security policies for the RubyGems.org service, soliciting and considering input from the community and security experts
Participate in relevant working groups and meetings with ecosystem stakeholders and funding partners
Design, build, and maintain features in RubyGems, Bundler, and RubyGems.org
Collaborate with maintainers and contributors across the ecosystem to address bugs, security issues, and new feature requests
Monitor and support the AWS-based infrastructure, including automating operations and improving deployment pipelines
Accept on-call shifts for security or other emergency incidents
Participate in community discussions, RFCs, and technical planning for future enhancements to Ruby’s packaging ecosystem
Support and mentor community contributors and volunteers
Requirements
5+ years of hands-on experience in security engineering, with a strong background in infrastructure and cloud security
Deep proficiency in the Ruby programming language and the Ruby on Rails framework
Expertise in securing cloud environments (AWS), including VPC/network security, IAM policies, container security (Kubernetes, Docker), and serverless architectures
Expert-level knowledge of web application vulnerabilities (OWASP Top 10 and beyond) and deep familiarity with the security nuances of Ruby on Rails (e.g., mass assignment, SQLi, XSS, CSRF in a Rails context)
Demonstrated experience building and implementing security automation using scripting languages (e.g., Bash, Ruby) to reduce manual work
Proficiency with Infrastructure as Code (IaC) and its security implications (e.g., Terraform, CloudFormation), including experience with IaC scanning tools
Hands-on experience with security tooling such as SAST, DAST, IAST, and infrastructure scanning tools
Experience designing and implementing security monitoring solutions (SIEM, log analysis) and leading incident response efforts, from detection to post-mortem
Excellent communication skills, with the ability to mentor junior engineers and clearly articulate complex security risks to both technical and non-technical stakeholders
Benefits
Work from anywhere in the world
Collaborative and passionate community
Opportunity to impact the future of Ruby development
Loss Prevention Store Security Agent at TJX Canada creating a safe store environment and preventing theft. Collaborating with teams to enhance security measures across retail locations.
Information Security Advisor focusing on risk management and cybersecurity for technology solutions at iA Financial Group. Collaborating with IT teams and ensuring secure technology practices.
Senior Infrastructure Security Engineer focusing on building proactive security solutions for cloud-based environments. Responsible for security architecture and effective incident response in the company’s infrastructure.
Enterprise Security Architect leading cybersecurity initiatives and secure solutions design at Vancity. Collaborating with teams to influence enterprise architecture and protect digital assets.
Security Manager responsible for developing site security plans and managing security personnel. Overseeing sensitive information management while ensuring compliance with PSPC requirements in Canada.
Customer Success Manager managing customer loyalty and adoption of Saviynt services and products. Driving success and providing customer advisory based on their business objectives.
Principal Product Manager helping GitLab turn product strategy into business impact across security offerings. Collaborating across teams to drive growth and business performance.
Security Engineer designing security architecture for AI-native customer data platform. Collaborating with engineers to map agent workflows and defining enterprise-scale security primitives.
Intern investigating AI solutions for enhancing security posture of products and infrastructure. Hands-on experience in cloud security, threat detection, and automation.
Security Project Agent conducting safety assessments in constituency offices across Canada. Responsible for risk evaluation and supervising safety improvement installations in compliance with set guidelines.