Senior DevSecOps Expert

Croix Bleue du Québec · Montréal, QC, Canada
Montréal, QC, Canada · Exp: 3-5 yrs · Hybrid
Remuneration: Annual bonus
Location: Montréal, QC, Canada
Visa sponsorship: Not specified

Job summary

Responsible for designing, implementing, and maintaining automated security pipelines, integrating security tools into CI/CD chains, and defining security policies as code. This role involves establishing security guardrails for AI agents, collaborating with development teams for vulnerability remediation, and contributing to the hardening of Kubernetes and cloud environments. The expert will also document DevSecOps security standards.

Benefits

  • Vacation from the first year
  • Internal advancement opportunities
  • Group insurance plan (dental, vision, and travel insurance)
  • Defined benefit pension plan
  • Wellness account of $400
  • Employee and family assistance program
  • Telemedicine service

Qualifications

  • Hold a bachelor's degree in computer science, software engineering, cybersecurity, or a related field
  • Have accumulated a minimum of 3 to 5 years of DevOps experience with a strong security component, or in application security
  • Have concrete experience with CI/CD pipelines (Bitbucket Pipelines, Jenkins, Azure DevOps, GitHub Actions)
  • Have practical experience with Kubernetes, Docker, and Azure cloud environments
  • Have experience with application security tools: SonarQube, Snyk, Trivy, Checkov, or equivalents
  • Master infrastructure as code (Terraform, Ansible) and GitOps practices
  • Have in-depth knowledge of Kubernetes orchestration platforms and container security
  • Master Python, Bash, Go, or similar languages for automation
  • Have knowledge of OWASP Top 10, CIS Benchmarks, NIST 800-53 standards
  • Understand SBOM concepts (CycloneDX, SPDX) and software supply chain security
  • Be able to explain security issues to development teams
  • Master French and English, both orally and in writing. A functional level of English is necessary to participate in collaborative projects for a pan-Canadian (or global) clientele

Responsibilities

  • Design, implement, and maintain automated security pipelines: SAST, DAST, SCA, container analysis, and IaC scanning
  • Integrate security tools into existing CI/CD chains (Bitbucket Pipelines, Azure DevOps) without creating excessive friction
  • Implement and manage an SBOM inventory
  • Automate vulnerability scanning of container images and third-party dependencies
  • Define and apply security policies as code: quality gates, vulnerability thresholds, configuration compliance
  • Establish security guardrails for AI agents used in development (GitHub Copilot, generative code tools)
  • Collaborate with development teams for rapid remediation of vulnerabilities detected in the pipeline
  • Contribute to hardening Kubernetes and cloud environments (Azure)
  • Document DevSecOps security standards and train development teams
  • Participate in security impact analyses for change requests

Skills

Ansible, Azure, Azure DevOps, Bash, Bitbucket, Bitbucket Pipelines, Checkov, Docker, GitHub, GitHub Actions, Go, Jenkins, Kubernetes, Python, Snyk, SonarQube, Terraform, Trivy

Degrees

Bachelor's degree in computer science, Software engineering, Cybersecurity

Languages

Python, Bash, Go, French, English

Relocation

No