Jr DevSecOps Engineer

Job summary

This is an execution-focused engineering role on the DevSecOps team. You will work alongside Senior DevSecOps Engineers and Team Leads, building security tooling, maintaining production pipelines, and learning security engineering within a federally regulated financial institution. The role emphasizes technical sharpness, curiosity, and rapid growth in a high-trust environment.

Benefits

Qualifications

• 1–3 years of experience in a DevOps, DevSecOps, software engineering, or security engineering role, or equivalent experience through a relevant degree with a security or cloud focus, security internships, or demonstrable personal/open-source projects.
• Working knowledge of at least one major cloud platform (AWS or Azure), including IAM, compute, storage, and networking basics, with experience building or deploying real solutions.
• Hands-on Terraform experience, including reading and writing modules, understanding state, and debugging basic provider errors.
• Scripting ability in Python or Bash to write functional automation scripts from scratch.
• Basic CI/CD fluency, understanding pipeline stages, artifact handling, environment variables, and secure secret management.
• Foundational security knowledge, including OWASP Top 10, common vulnerability classes (injection, broken authentication, misconfigurations), and their manifestation in real systems.
• Core networking concepts, including TCP/IP, DNS, TLS/HTTPS, VPCs, subnets, security groups, and firewalls, sufficient to read a network diagram and ask relevant questions.
• Strong communication skills in writing, ability to ask good questions, and proactive problem identification.
• Experience with GitHub Actions, including writing or modifying workflows.
• Exposure to Microsoft Sentinel or any SIEM, including running queries, investigating alerts, or creating basic rules.
• Basic understanding of containers, including Docker, image layers, and image scanning.
• Active or in-progress certifications such as CompTIA Security+, AZ-900, AZ-500, AWS Cloud Practitioner, or AWS Security Specialty.
• Exposure to compliance or audit processes (e.g., SOC 2, PCI-DSS) or regulated environments.
• Familiarity with OSFI B-13 or Canadian financial services regulatory context.
• Exposure to identity and access concepts, including OAuth 2.0, OIDC, SAML, or workload identity.

Responsibilities

• Build and maintain security integrations within CI/CD pipelines, including SAST/DAST tooling, secrets scanning, dependency checks, and container image scanning.
• Write and maintain Terraform modules under senior review, contributing to the IaC library, fixing drift, and enforcing module standards.
• Automate security tasks in Python and Bash, such as evidence collection scripts, alert enrichment, scheduled scans, and reporting automation.
• Support the supply-chain security program, including SBOM generation, dependency pinning, and build artifact management.
• Help implement and maintain policy-as-code configurations, learning enforcement patterns at PR-time, pipeline-time, and deploy-time.
• Maintain and improve runbooks for operational procedures and on-call scenarios.
• Monitor and triage security alerts from Microsoft Sentinel, AWS Security Hub, and Azure Defender for Cloud under senior guidance.
• Contribute to incident response investigations, including log analysis, timeline reconstruction, and evidence handling.
• Help tune detection rules and reduce alert noise, learning to write and modify KQL queries in Sentinel.
• Support audit evidence collection, running API-based artifact pulls, validating completeness, and maintaining evidence repositories.
• Participate in vulnerability management, tracking scan results, validating remediations, and updating the risk register with senior oversight.
• Shadow the Senior DevSecOps Engineer on architecture decisions, threat modeling sessions, and stakeholder conversations.
• Work toward a defined certification path as part of your development plan (e.g., AZ-500, AWS Security Specialty).
• Join the on-call rotation progressively, starting as a shadow and progressing to independent.
• Contribute to team documentation and the Security Centre of Excellence knowledge base.

Skills

Work schedule

Industry

Relocation