Reporting to the Vice President of Cybersecurity and IT Compliance, the DevSecOps Specialist will play a key role in securing MTY's extended digital ecosystem and its emerging technology initiatives. This position involves close collaboration with multidisciplinary teams to ensure that security is integrated at every stage of the software development lifecycle (SDLC). Main responsibilities include API security, web application security testing, and Infrastructure-as-Code (IaC).
Benefits:
3 weeks of vacation;
5 floating days off;
$2000 reimbursement of professional order fees and continuing education costs;
Flexible work schedule;
Half-day Fridays available year-round;
Company health and dental plans, plus an additional $300 health/personal wellness spending account;
Employee assistance program with access to a wide range of services, from mental health to legal and financial advice;
Monthly company-wide recognition awards with quarterly and annual winners;
Company social events, including but not limited to webinars, quarterly town halls, and fun activities for all;
Business casual dress;
Free parking at the office.
Main responsibilities:
Build strong relationships with stakeholders across the organization, including the web operations, marketing, data and analytics, and IT infrastructure teams.
Work with stakeholders to promote secure coding best practices and foster a DevSecOps culture.
Identify and prioritize security misconfigurations and vulnerabilities using a risk-based approach.
Perform and automate security testing of web applications (including WordPress), with an emphasis on OWASP Top 10 vulnerabilities and secure API design.
Design and run automated security tests for RESTful APIs, and collaborate with developers on fixes.
Maintain secure CI/CD pipelines in GitHub, integrating SAST and DAST tools.
Design and implement secure cloud architectures in Azure and AWS, in compliance with industry standards.
Create and manage secure Infrastructure-as-Code (IaC) with Terraform; perform code reviews to validate security controls.
Provide security support for platforms such as Databricks, WordPress, and functional testing tools (e.g., Postman).
Develop scripts and tools in Python to automate security operations, testing, and monitoring.
Required qualifications:
3 or more years of experience in DevSecOps, cloud security, or application security.
Excellent communication, collaboration, and stakeholder management skills.
Ability to assess and prioritize vulnerabilities based on risk.
Working knowledge of DAST and SAST tools, vulnerability scanning, and remediation processes.
Hands-on experience with GitHub, Terraform, Azure, AWS, and Python.
Knowledge of WordPress security hardening and plugin management.
Good understanding of the OWASP and NIST frameworks and the CIS Benchmarks.
Integration of security tools into DevOps workflows.
Experience with API testing using Postman.
Knowledge of container security tools (e.g., Docker, Kubernetes).
Assets:
Bilingualism (French and English).
Experience in an international or multinational environment.
Relevant security certifications (CISSP, CCSP, AWS Certified, Microsoft Certified, etc.).
Please note that any offer of employment will be conditional upon a background check, including a criminal record check.
The majority of our clients and a large proportion of our employees are outside Quebec.
---
DevSecOps Specialist
Reporting to the Vice President of Cyber Security & IT Compliance, the DevSecOps Specialist will play a pivotal role in securing MTY's expansive digital ecosystem and emerging technology initiatives. This position requires close collaboration with cross-functional teams to ensure security is embedded into every phase of the software development lifecycle (SDLC). Key responsibilities include areas such as API security, web application security testing, and Infrastructure-as-Code (IaC).
Benefits:
3 weeks of vacation;
5 days of flexible leave;
$2000 reimbursement for professional order costs and continuing education requirements;
Flexible working hours;
Half-day available every Friday year-round;
Company health and dental plans, with an additional $300 personal wellness expense account;
Employee assistance program with access to a wide range of services from mental health to legal and financial counseling;
Monthly company-wide recognition awards with quarterly and annual winners;
Company social events, including but not limited to webinars, quarterly town halls, and fun activities for all;
Casual dress code;
Free parking at the office.
Key Responsibilities
Foster strong relationships with stakeholders across the organization, including Web Operations, Marketing, Data & Analytics, and IT Infrastructure teams.
Work closely with stakeholders to promote secure coding practices and champion DevSecOps culture.
Identify and prioritize security misconfigurations and vulnerabilities using a risk-based approach.
Conduct and automate security testing for web applications (including those built on WordPress), with a focus on OWASP Top 10 vulnerabilities and secure API design principles.
Design and execute automated security tests for RESTful APIs; collaborate with development teams on remediation strategies.
Maintain secure CI/CD pipelines in GitHub with integrated SAST and DAST tools.
Design and implement secure cloud architectures and controls in Azure and AWS, ensuring adherence to industry standards and regulatory requirements.
Build and manage secure IaC using Terraform; conduct code reviews and validate that security controls are properly implemented.
Provide security guidance and support for platforms such as Databricks, WordPress, and functional testing tools such as Postman.
Develop scripts and tooling in Python to automate security operations, testing, and monitoring.
Required Qualifications
3+ years of experience in a DevSecOps, Cloud Security, or Application Security role.
Excellent communication, collaboration, and stakeholder management abilities.
Ability to prioritize security vulnerabilities to effectively manage cyber risk.
Proven understanding of DAST, SAST, vulnerability scanning, and remediation workflows.
Strong hands-on experience with GitHub, Terraform, Azure, AWS, and Python.
Familiarity with WordPress security hardening and plugin management.
Solid knowledge of security frameworks such as OWASP, NIST, and CIS Benchmarks.
Experience integrating security tools into DevOps workflows.
Practical experience with API testing using tools like Postman.
Knowledge of container security and orchestration tools (e.g., Docker, Kubernetes).
Preferred Qualifications
Bilingual (English and French) proficiency.
Experience in a global or multinational business environment.
Relevant security certifications (CISSP, CCSP, AWS Certified, Microsoft Certified, etc.).
Please note that any offer of employment will be conditional upon a background check, including a criminal record check.
The majority of our clients and a large proportion of our employees are outside Quebec.
Job Types: Full-time, Permanent
Benefits:
Dental care
Flexible schedule
On-site parking
Profit sharing
Vision care
Work Location: Hybrid remote in Saint-Laurent, QC H4S 1M5