Job Description
DevSecOps Specialist
Hybrid, Ottawa or Montreal QC, Canada
Enhanced Security clearance is required (Federal Government of Canada)
Contract
The Software Development specialist in DevSecOps is a pivotal role focused on identifying and fixing software vulnerabilities, particularly in SCA, SAST, and Tenable, across both legacy and modern software. This role involves systematically applying DevSecOps solutions to address vulnerabilities as they arise. The ideal candidate will develop efficient solutions to enhance our vulnerability management processes. We are looking for developers who specialize in software integration systems and APIs within an Azure, BizTalk, and .NET environment. This position is key to achieving clients’ 2030 strategy.
Primary Responsibilities
• Analyze the SCA, SAST, and server types of vulnerabilities around the integration system, and identify systematic and automated solutions to put in place
• Implement and test the software fixes and/or the DevOps solutions to automate the fixing mechanisms proposed
• Work with the team to integrate test automation tools and mechanisms for API component testing, and regression testing.
• Design, implement, maintain, and improve CI/CD pipelines for several products, for multiple environments and multiple situations
• Implement proofs of concept (AI, automated workflows, Moderne.ai, etc.)
• Work with the business squads to improve their security pipelines, making sure that security scanners, controls, policies, and regulations are compliant.
Specific Project Requirements
Top Skills Required:
• 10 years in Software Engineering with knowledge of the SDLC
• Strong knowledge and demonstrated experience in software security
• Demonstrated and strong experience in agile projects on Azure DevOps
Other Skills Required:
• Strong knowledge of Test Automation Tools, such as Python and Robot Framework, Postman
• Strong knowledge of Azure DevOps pipelines (YAML) or similar
• Strong knowledge of bash Powershell or other scripting tools to automate actions
• Strong understanding of automation in general and its benefits (do twice=automate)
• Knowledge of version control software good practices and Git
• Knowledge of Terraform and Infrastructure as Code
• Knowledge of security SCA and SAST scanning tools like Mend, Snyk, etc.
• Effective communication skills with the ability to understand the squad’s priorities and propose technical decisions tied to priorities
Assets:
• Bilingual in both official languages (French and English)