Senior DevSecOps Engineer to identify and fix software vulnerabilities, particularly in SCA, SAST, and Tenable, across both legacy and modern software

Our valued client is seeking a Senior DevSecOps Engineer to identify and fix software vulnerabilities, particularly in SCA, SAST, and Tenable, across both legacy and modern software

An initial 1 year contract. 100% remote.

The Software Development Services specialist in DevSecOps, is a pivotal role focused on identifying and fixing software vulnerabilities, particularly in SCA, SAST, and Tenable, across both legacy and modern software. These services involves systematically applying DevSecOps solutions to address vulnerabilities as they arise. The ideal candidate will develop efficient solutions to enhance our vulnerability management processes. We are looking for developers who specialize in software integration systems and APIs within an Azure, BizTalk, and .NET environment.

Responsibilities:

• Analyze the SCA, SAST and server types of vulnerabilities around the integration system, and identify systematic and automated solutions to put in place
• Implement and test the software fixes and/or the DevOps solutions to automate the fixing mechanisms proposed
• Work with the team to integrate test automation tools and mechanisms for API component testing, regression testing.
• Design, implement, maintain and improve CI/CD pipelines for several products, for multiple environments and multiple situations
• Implement proofs of concept (AI, automated workflows, Moderne.ai, etc)
• Work with the business squads to improve their security pipelines, making sure that security scanners, controls, policies and regulations are compliant.

Must Have Skills:

• 10+ years experience as a DevSecOps Engineer with knowledge of SDLC
• Strong knowledge in Test Automation Tools, such as Python and Robot Framework, Postman
• Strong knowledge of Azure DevOps pipelines (YAML) or similar
• Valid Government of Canada Reliability clearance
• Strong knowledge of Bash or Powershell or other scripting tools to automate actions
• Knowledge of Terraform and Infrastructure as Code
• Knowledge of security SCA and SAST scanning tools like Mend, Snyk, etc.

Nice to Have Skills:

• Bilingual in French and English