Job Description

At CN, we work together to move our company-and North America-forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely and our employees can focus on value-added tasks. You will be able to develop your skills and career in our close-knit, safety-focused culture working together as ONE TEAM. The careers we offer are meaningful because the work we do matters. Join us!

Job Summary

This role is to provide governance within the DevSecOps practice to ensure quality and standards are defined and used by our CN community. The Expert is also responsible for the secure design, development, implementation and support of the platforms and its tools. The Expert define and documents the agreed standards and processes and coaches/mentors the other DevOps specialists to guide the CN team using them. As a DevSecOps Expert you will work collaboratively with the continuous integration and software engineering teams to deliver and operate development & test systems. You will oversee help the automation and streamline product operations and processes; build and maintain tools for deployment, monitoring and operations; and troubleshoot / resolve issues in our development, test and production environments and act on occasion in the role of a key systems administrator for various DevOps systems.

Main Responsibilities

DevSecOps

• Manage shared systems and services, docker orchestrator, service registry, secrets management and more.
• Write production-quality tools to reduce toil for the engineering team and help automate the technical ecosystem to help us scale.
• Assist other teams to utilize our observability tools and scripts to debug production systems.
• Shape the technologies used to solve some of our fundamental challenges (e.g. CI/CD, container orchestration, logging, security, etc.)
• Design and write secure, robust, testable and scalable pipeline template code and consistent design patterns.
• Evaluate emerging technologies to identify new opportunities, trends and best practices
• Architect solutions which help projects and multifaceted teams deliver
• Mentor and coach other devops members within the devsecops practice
• Administer, support and maintain existing platform components within the DevSecOps practice
• Evaluate and implement new platform components that can help or improve the teams that use the tools

Requirements

Experience

• Minimum 7-10 years overall work experience in Developement
• Minimum 5-7 years overall work experience in DevOps and Cloud
• Experience designing, configuring, and deploying DevOps systems and tools
• Knowledge of container security, especially Kubernetes, an asset
• Multi-cloud experience including AWS, Azure, and Google Cloud Platform, an asset
• Experience with Agile and SAFe methodologies, an asset
• Experience with the duties required of a SRE, an asset

Education/Certification/Designation

• Bachelor's or master's degree in Computer Science, Computer Engineering, Electrical Engineering, or another relevant field
• DevOps Certification an asset
• Azure certification an asset
• Google certification an asset
• Security certification: e.g. Certified Information Systems Security Professional (CISSP), Certificate of Cloud Security Knowledge (CCSK), Certified Cloud Security Professional (CCSP), GIAC Cloud Security Automation (GCSA), etc. an asset

General Skills and Competencies

• Ability to define and organise an architecture apparatus in reusable building blocks: patterns, services, components, capability models, etc.
• Demonstrated capability to understand the implications of complex business operations and how they are linked to technological solutions that provide practical risk mitigation and business enablement
• Ability to derive requirements from vaguely formulated business needs
• Ability to interact with a broad cross-section of personnel to explain and enforce security measures
• Excellent written and verbal communication skills
• Detail-oriented self-starter with a high level of commitment and personal motivation

• Knack for prioritizing tasks and working in a fast-paced environment
• Work closely with Development Architects, Cloud Architects and other Development/Cloud Specialists. Interact with project teams (functional, development and test leads, project managers and Architects).
• Position current technology capabilities in the direction of their roadmap and influence Product Owners, Product Managers to adhere to them.
• Identify and drive opportunities to improve automation for code deployment, management, and visibility of application services
• Develop tools and framework to automate operational tasks, deployment of machines, services, and applications

Technical Skills

• Strong knowledge of the processes, methodologies, tools and techniques, used for building large information technology systems in private and public clouds
• Knowledge of standards, regulations and legislation governing Information Security, e.g. OWASP
• Knowledge of general IT security architecture and technologies including: service-oriented-architectures, mobile technologies including Mobile Device Management (MDM), data-centric design, advanced analytics, AI, Identity and Access Management (IAM) lifecycles, Digital Forensics, End Point Encryption, Encryption Key Management, Database Security, Enterprise Directory Services, IDS, IPS, Next Generation Firewall, Application Firewall, Enterprise Password Vaults, Cloud SaaS /PaaS/IaaS Security, SIEM, etc., an asset
• Understanding of securing APIs, an asset
• Knowledge of container security, especially Kubernetes, an asset

Additional Skills

• Fluent in two or more of the following programming languages Python, Go, PowerShell, YAML and Bash
• Strong knowledge of CI/CD tools (Azure DevOps, Jenkins, GitHub Actions, etc.)
• Knowledge of DevOps Security tools (DAST, SATS, IAST) such as Fortify on Demand, SonarQube, BlackDuck.
• Strong knowledge in cloud computing (Azure, Google)
• Strong knowledge of Docker and creation/maintenance of dockerfiles
• Strong knowledge of Kubernetes and creation/maintenance of Kubernetes manifests
• Experience with Helm and Terraform
• Experience with Secret Managers (i.e. HashCorp Vault, Azure Key Vault, Google Cloud Key Management, etc.)
• Experience in designing multistage pipeline flows including CI/CD/CT
• Experience in administering Linux and Windows systems
• Familiar with Identity and Access Management (IAM) including RBAC
• Experience programing using API (RESTful, gRPC, GraphQL, etc.)
• Familiar with backend server architectures using Service Oriented Architecture or Micro-services design methodologies
• Good knowledge of Agile project management writing Features, Stories, Tasks and delivering in Sprints and PIs.
• Ability to accurately estimate efforts of the tasks assigned
• Proactive, able to plan, address or mitigate technical risk
• Ability to understand a problem, identify its root and find technical solutions
• Ability to work on multiple projects in parallel and meet deliverables dates
• Very good technical documentation skills
• Strong communication, influencing and presentation skills
• Leadership skills and ability to influence and guide others on integration and technical matters
• Proven experience delivering technology projects involving multiple parties
• Knowledge of IT security principles
• Ability to clarify requirements and ensure solution meets business needs
• Strong systems engineering knowledge
• Ability to navigate within a complex I&T organization
• Ability to lead in ambiguous situations
• Strong sense or prioritization for meeting deadlines
• Strong knowledge how to monitor application and infrastructure
• Knowledge in logs management, application monitoring, infrastructure monitoring
• Knowledge of monitoring and logging for containers and orchestrators.
• Knowledge of networking, security, and protocols
• Knowledge of SSO, OAuth 2.0 OpenID Connect (OIDC) and SAML 2.0 a plus.
• IoT experience a plus

About CN

CN is a world-class transportation leader and trade-enabler. Essential to the economy, to the customers, and to the communities it serves, CN safely transports more than 300 million tons of natural resources, manufactured products, and finished goods throughout North America every year. As the only railroad connecting Canada's Eastern and Western coasts with the Southern tip of the U.S. through a 19,500 mile rail network, CN and its affiliates have been contributing to community prosperity and sustainable trade since 1919. CN is committed to programs supporting social responsibility and environmental stewardship. At CN, we work as ONE TEAM, focused on safety, sustainability and our customers, providing operational and supply chain excellence to deliver results.

For internal candidates, note that the grade level of the position will depend on the employee's experience.

CN requires that all employees be fully vaccinated against COVID-19 and provide proof thereof as a condition of employment. The Company's vaccination mandate extends to employees of our wholly owned subsidiaries as well as CN's contractors, consultants, agents and suppliers and anyone who accesses CN properties in Canada.

CN is an employment equity employer and we encourage all qualified candidates to apply. We thank all applicants for their interest, however, only candidates under consideration will be contacted. Please monitor your email on a regular basis, as communication is primarily made through email.