DevSecOps Engineer

We are looking for a DevSecOps Engineer! Reach out if you are interested and feel free to refer friends/colleagues!

Type of Employment: Contract
Title: DevSecOps Engineer
Term: 12 months contract with extension
Location: Toronto – Hybrid, 2 days a week onsite

Job ID number: C1235

Brief Description of Duties:

The DevSecOps Chapter’s mission is to help all software squads adopt best practice software delivery mechanisms, ensuring they deliver secure, reliable and quality software as effectively as possible.

The client’s services are a broad mix of various cloud services (IaaS, PaaS, SaaS) and traditional on-premise systems. The DevOps Engineer Services focuses on customer experience (CX), drawing on extensive technical expertise to leverage modern digital service designs, ecosystems, data management and technology.

Work with various internal and external teams consisting of architecture owners, enterprise and domain architects, business analysts and the entire Scrum team (the team) to deliver secure, scalable solutions that meet the organization’s changing needs.

The DevSecOps Engineer is responsible for the implementation, maintenance and efficiency of CI/CD pipelines as well as several other reusable DevSecOps capabilities. They value simplicity and is willing to question technical constraints and procedures to achieve Agile delivery. A great DevSecOps is eager to get their hands dirty and use their imagination to help solve the biggest problems. The DevSecOps Engineer needs to work with various development squads to integrate quality scanners (such as SCA, SAST and DAST), code quality scanners, test automation tools, performance analysis tools. Your expertise is leveraged to continuously improve the performance, security and reliability of the software delivery systems.

Moreover, the DevSecOps Engineer work to design, implement and test the deployment of environment via Infrastructure-as-Code and make sure that observability tools are connected to monitor the services running on infrastructure. The DevSecOps engineer may or may not make use of containers depending on the situations of each squads and applications.

The DevSecOps Engineer is a strong advocate of DevSecOps Mindset and Culture, able to explain its true advantages to less experimented squad members, including teaching of technical tools and capabilities. The DevSecOps Engineer is not afraid to get dirty hands and use imagination for helping the squads to improve their performance.

Primary Responsiblities: 

• Design, implement, maintain and improve CI/CD pipelines for several products, for multiple environments and multiple situations​
• Work with the squad to integrate quality and security into the development process, making sure that security scanners, controls, policies and regulations are compliant.​
• In collaboration with the security group, continuously evaluate and improve security processes and procedures to stay ahead of emerging cyber threats​
• Work with the team to integrate test automation tools and mechanisms for various needs, such as unit testing, regression testing, API testing, UI testing and performance testing.​
• Participate in developing reusable DevSecOps capabilities that other squads can adopt​
• Make sure observability is implemented and connected to analyze and improve system reliability​
• With the help of systems analysts and tech leads, continuously explore, analyze and propose solution to improve deployment speed and quality​
• Work on the design, implementation and testing of the Infrastructure-as-Code​ deployment environment
• Read and transform tool reports so that they are in a readable format, integrated to the development process management platforms (such as Azure DevOps, Jira or ServiceNow)​
• Gradually transfer DevSecOps knowledge to the squad members, to ensure that the team becomes cross functional.​
• Work with the squads and the DevSecOps Chapter to make sure that the DevSecOps roadmap aligns with long term objectives​
• Continuously seek better ways to solve technical problems and design the solution, identify gaps and opportunities for improvement​
• Mentor and coach the technical team about DevSecOps, and if applicable also with code reviews
• Proactively identify opportunities for process, systems, and other improvements.​
• Monitor and analyze system logs, network traffic, and security events to help identify and respond to security incidents​
• Strong understanding of automation in general and its benefits (do twice=automate)

Specific Project Requirements: 

The DevSecOps Chapter is currently working on several projects and the candidate would have to participate to those objectives. We expect the candidate to work on :

• Participate in the development of application, infrastructure and data monitoring systems, using App Insights or other commercial tools
• Build several pipelines for a multitude of tools in order to run software security scanners, such asd SCA or SAST scanners
• Support test automation within pipelines
• Help teams automate through different methods for legacy apps (including scripting and automated configurations)

Top Skills Required:

• 5 years in Software Engineering
• Demonstrated and strong experience in agile projects on Azure DevOps, Azure Cloud Environment and SaaS Solutions
• Strong understanding of security practices like SCA, SAST, DAST, etc. and tools like Mend, Snyk, etc.

Other Skills Required:

• Demonstrated and strong experience in agile projects on Azure DevOps, Azure Cloud Environment and SaaS Solutions
• Demonstrated experience on On-Prem environment with legacy software and DevSecOps solution for legacy software or ERP
• Strong knowledge of Terraform and Infrastructure as Code
• Strong knowledge of Azure DevOps pipelines (YAML) or similar
• Strong knowledge of version control software good practices and Git
• Strong knowledge of Azure and Azure Monitor
• Strong knowledge of the containerization principles such as Docker, Azure Containers and Kubernetes
• Strong knowledge of bash or Powershell or other scripting tools to automate actions
• Completed an Undergraduate Degree in Computer Science, Engineering or Management Information Systems or an equivalent combination of relevant education and work experience
• Relevant experience in agile delivery
• Strong Analytical ability with demonstrated application of technical problem solving and analytical tools and techniques. Ability to identify issues and risks and provide options analysis.
• Effective communication skills with ability to understand the squad’s priorities and propose technical decisions tied to priorities

Assets:

• Bilingual in both official languages (French and English)
• Active coach and mentor skills, with patience and aptitudes to teach to others
• Experience in software development (code, tests) using C# and .NET
• Background in Financial, Insurance or other related an asset
• Experience working with databases, relational or NoSQL
• Experience with ETL processes.
• Experience with Selenium and other test automation tools