DevSecOps

Montréal, QC, CA, Canada

Job Description

Orion Innovation is a premier, award-winning, global business and technology services firm. Orion delivers game-changing business transformation and product development rooted in digital strategy, experience design, and engineering, with a unique combination of agility, scale, and maturity. We work with a wide range of clients across many industries including financial services, professional services, telecommunications and media, consumer products, automotive, industrial automation, professional sports and entertainment, life sciences, ecommerce, and education.

Role Overview





As a Security Engineer, you will focus on integrating security into our CI/CD pipelines, cloud-native workloads, and development environments. You'll work closely with software engineers, DevOps, architects, and compliance teams to ensure our code, pipelines, and infrastructure meet modern security standards and compliance expectations. This role balances hands-on engineering with strategic influence--ideal for someone ready to own security tooling, automation, and governance in a fast-paced environment.


Key Responsibilities




  • Design and implement secure CI/CD pipelines using GitHub Actions, integrating tools for code scanning, dependency management, and artifact integrity
  • Enable and enforce GitHub Advanced Security features across all repositories
  • Collaborate with engineering teams to apply secure coding practices across applications written in C#, Java, and Python
  • Harden and secure Kubernetes environments--focusing on workload policies, RBAC, secrets management, and network segmentation
  • Develop reusable security automation for scanning source code, containers, and dependencies
  • Build monitoring and alerting around pipeline and runtime security events
  • Conduct internal threat modelling, code reviews, and pipeline security assessments
  • Contribute to secure development lifecycle (SDLC) policies and documentation
  • Support compliance efforts by aligning engineering practices with standards such as NIST 800-53, FedRAMP, and others (as applicable)

Required Skills & Experience




  • 3-5+ years of relevant experience in security engineering, DevSecOps, or platform security roles
  • Strong hands-on experience with GitHub and GitHub Actions, including workflow creation and security scanning integration
  • Exposure to security compliance frameworks (NIST 800-53, FedRAMP, SOC 2, ISO 27001)
  • Experience with container/image scanning tools (e.g., Trivy, Grype, Aqua, Prisma)
  • Knowledge of Infrastructure-as-Code (IaC) security (Terraform, Checkov, OPA, etc.)
  • Practical experience with CI/CD pipelines and embedding security into build, test, and deploy stages
  • Familiarity with containerized workloads and securing Kubernetes clusters in production
  • Strong coding/scripting skills in C#, Java, and/or Python
  • Solid understanding of secure development principles, OWASP Top 10, and software supply chain security and familiarity with SBOMs, SLSA, and supply chain integrity practices
  • Proficient in vulnerability triage and remediation processes across code, pipelines, and containers

Good to have

  • Certifications such as GCSA, CKS, CSSLP, or CISSP

Orion is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, citizenship status, disability status, genetic information, protected veteran status, or any other characteristic protected by law.



Candidate Privacy Policy



Orion Systems Integrators, LLC and its subsidiaries and its affiliates (collectively, "Orion," "we" or "us") are committed to protecting your privacy. This Candidate Privacy Policy (orioninc.com) ("Notice") explains:


  • What information we collect during our application and recruitment process and why we collect it;
  • How we handle that information; and
  • How to access and update that information.

Your use of Orion services is governed by any applicable terms in this notice and our general Privacy Policy.


Job Detail

  • Job Id
    JD2613606
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Montréal, QC, CA, Canada
  • Education
    Not mentioned