Introduction
Layla’s mission is to empower people to take control of their mental health. We use client-centric innovation to understand and address gaps in the ever-changing realities in mental health. Today, Layla is a service that facilitates personalized individual and couples therapy directly to the public as well as in collaboration with partners in the broader healthcare sector.
Job Description
Privacy and security at Layla are about protecting deeply personal moments, and every system we build must earn and preserve patient trust. You will join Layla’s Trust team, our cross-functional privacy and security program led by our Chief Program Officer and supported by a senior security advisor. Working closely with our Chief Technology Officer, you will be the bridge between development, operations, and security. We are looking for an engineer who doesn't just treat security as a final checkpoint, but integrates it into every stage of the software development lifecycle and business operations.
This is a full-time role, requiring 40 working hours per week, working weekdays. This is a remote position, and is open to anyone residing in AB, BC, NS, ON, and SK. Flexibility to do ad hoc work outside of business hours, if needed, is required. Travel to the GTA (3-4 times per year) will be required, and expenses will be covered by the company if the applicant resides outside the GTA. Applicants must be legally eligible to work in Canada.
Please note that all interviewing and training will be done virtually.
Responsibilities
We follow a quarterly strategic planning process, and agile work methodology. Every quarter we identify top priorities and organize the team in pods against objectives. You can expect your role to be varied and evolve over time, but generally include the following categories:
- DevSecOps Automation: Implement "shift-left" security by integrating automated scanning (SAST/DAST/Secret detection) into our CI/CD pipelines.
- Infrastructure as Code (IaC): Maintain and secure our AWS environment, ensuring high availability and proactive monitoring.
- Vulnerability Management: Lead the end-to-end vulnerability management lifecycle. Facilitate and oversee third-party penetration tests, and translate findings into actionable engineering tasks. Ensure remediation efforts are tracked, time-bound, and aligned with company risk tolerance.
- Security Advisory: Act as the security partner to product engineering. Lead threat modeling sessions and conduct architecture reviews for new features to mitigate risk before deployment.
- Operational Security: Oversee and continuously improve the security posture of our macOS-based fleet.
- Incident Response: Own the technical aspect of incident response and continuously improve processes. Act as or support the incident response lead (as the situation may be), ensuring clear playbooks, timely detection, investigation, containment, and post-incident reviews.
- Secure Corporate IT: Oversee and strategically enhance our identity management systems (not day-to-day operation). Partner with People Operations to ensure seamless, secure onboarding and offboarding processes, with clear auditability and minimal access drift.
- Security Governance, Policies & Compliance: Operationalize Layla's security policies and controls in practice. Partner with the CPO and security advisor to translate program requirements into technical and operational implementation.
Required Professional Experience and Qualities
- 7+ years of relevant experience in healthcare, financial services or other environments handling highly sensitive data.
- AWS Expert: Deep experience securing and scaling AWS services (IAM, VPC, EKS, RDS, CloudTrail).
- Pipeline Engineering: Advanced proficiency in modern CI/CD tooling, focusing on automated deployments and security integrations.
- Threat Modeling: Proven ability to identify attack vectors and design defensive strategies for cloud-native applications.
- Security Assessments: Hands-on experience reviewing feature architecture and code for security flaws.
- Risk Management: Experience working with a corporate risk register and managing the lifecycle of security findings from discovery to remediation.
- macOS Management: Comfortable managing and securing remote macOS laptops in a startup environment.
- Monitoring and Observability: Experience with SIEM log setup and alert configuration.
- Compliance: Experience with PHI, HIPAA, and/or SOC2 compliance in a healthcare, financial services or other environment handling highly sensitive data.
- Incident Response: Experience leading or contributing to IR efforts and post-mortem analysis.
- Mentorship: A passion for coaching developers on secure coding practices and modern DevSecOps methodologies.
Location & Logistical Requirements
- This is a remote, full-time job requiring 40 working hours per week.
- Access to private, quiet and confidential workspace that allows for the protection of confidential information and the avoidance of disruption. This is important for team collaboration as well as speaking to clients professionally and confidentially.
- Access to a mobile phone and internet connection with sufficient bandwidth and connection speed.
- The company will provide a laptop, and a set monthly budget to cover the use of personal devices for work.
- Preference for candidates that are located in the Greater Toronto Area (GTA), and have flexibility to come into our office in Liberty Village.
How to apply
We appreciate your interest in Layla. Please apply using the link provided in the application:
https://laylacare.applytojobs.ca/devsecops/46956
We look forward to reviewing your application, and will be in touch to arrange an interview if your profile matches our current needs.
Start date: Mid June 2026, flexibility to start earlier.
Benefits
- A diverse, passionate, and friendly team.
- Supportive health & wellness benefits for you and your family.
- 20 days of paid vacation + paid sick and family responsibility leave.
- Employee Development Benefit - time and annual budget to support your learning and professional growth.
- Work from home setup budget.
Salary: $110,000-$160,000, depending on experience
Job Type: Full-time, Permanent
Vacancy status: Not an existing vacancy
At Layla, one of our core values is to promote diversity. We welcome applications from a broad range of candidates including those with non-traditional backgrounds as well as non-Canadian experience. If you’re unsure about your qualifications for this position, we’d still encourage you to apply.
Please note that due to the sensitive nature of the work we do, a background check is required as a condition of employment.
We do not directly use artificial intelligence (AI) or automated decision-making tools in the recruitment process for this role. However, third-party partners may use AI tools as part of their initial screening or assessment process. All final decisions are made by real people.
Layla welcomes applications from candidates with differing abilities. Please let us know if you require accommodation at any stage in the selection process.