Int. DevSecOps Engineer (5+ years) to automate and validate Compliance-as-Code policies across multi-cloud environments (GCP, Azure, AWS) - 57857

Our financial services client is seeking a Cloud Security and AI Test Engineer (5+ years) to automate and validate Compliance-as-Code policies across multi-cloud environments (GCP, Azure, AWS)

Join a global security and defence business unit delivering intelligent testing automation and compliance validation within complex cloud environments. This position focuses on uplifting regression testing for CAS policies and integrating AI-driven frameworks into DevSecOps pipelines. The role offers exposure to advanced cloud platforms and security governance while collaborating with a specialized technical team. It represents a strong opportunity to expand expertise in security automation, AI validation, and financial sector compliance.

Contract, Toronto, Hybrid 2-4 days onsite

Duration: 4 months, possibility of exntension

Must Haves

• 5+ years in Cloud Security, DevSecOps, AI, or Cloud Engineering roles
• Strong technical background in GCP, Azure, and AWS cloud platforms
• Proficiency with Python and Terraform scripting for automation
• Experience using CI/CD pipelines for cloud policy validation
• Hands-on with Jira and Confluence for documentation and tracking
• Degree or diploma in a related field; Master’s or PhD preferred

Nice to Have

• Cloud or DevSecOps engineering certification
• Experience with container security and Kubernetes policy enforcement
• Exposure to HashiCorp Sentinel, Azure Policy, Wiz Policy, GCP Org Policy, Open Policy Agent, and Kubernetes
• Familiarity with cloud infrastructure as code using Helm, ARM, JSON, YAML, REGO
• Experience in banking or other financial institutions

Responsibilities

• Design and maintain AI-driven automated test frameworks validating Compliance-as-Code policies across GCP, Azure, and AWS
• Develop comprehensive test cases including positive, negative, and edge scenarios for policy enforcement logic
• Collaborate with Cloud Service Owners and security architects to define expected behaviors and failure conditions
• Integrate AI-assisted compliance validation into CI/CD pipelines using GitHub workflows
• Automate Terraform deployment security validations with Python scripting
• Validate cloud security controls against standards including NIST, ISO 27001, and SOC 2
• Implement monitoring, audit readiness, and automated compliance reporting using SonarQube, Wiz.IO, Splunk, Dynatrace, and AppOmni