DevSecOps & Application Security Analyst

Job Location

Montreal - Canada

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

About This Role

  • About the Role

    We are seeking a dynamic security professional who can not only lead vulnerability management efforts but also thrives on integrating security into every stage of the software development lifecycle. In this role, you will serve as both an individual contributor and a vital team player, championing the adoption of DevSecOps best practices. You will leverage GitHub Advanced Security to safeguard our code and Microsoft Sentinel SIEM to continuously monitor and respond to threats across our environment. If you're passionate about marrying development and security and driving proactive risk remediation, we want to hear from you.

    Key Responsibilities

    Vulnerability Management & Remediation:

    • Coordinate and manage timely remediation of security vulnerabilities across a variety of technologies and platforms.

    • Identify, resolve, and document false positives within vulnerability assessment results.

    • Oversee weekly, monthly, and ad hoc vulnerability assessments on servers, endpoints, network assets, public-facing systems, and databases using tools like Rapid7, Burp Suite, GHAS, and Qualys.

    • Manage scan configurations (including asset grouping, updating scan templates and engine pools, and scheduling scans) and troubleshoot issues such as authentication failures or asset misconfigurations.

    Tool & Process Integration:

    • Deploy and maintain comprehensive vulnerability management tools (e.g., Qualys, Rapid7 architecture, scan engines, collector servers, agents, and query builders).

    • Collaborate with vendors and internal teams to ensure seamless tool integrations, support ticket management, and continuous improvement of scanning processes.

    DevSecOps Implementation:

    • Integrate security practices into CI/CD pipelines by embedding automation and agile scanning tools throughout the development lifecycle.

    • Apply DevSecOps methodologies to continuously monitor, detect, and remediate vulnerabilities as part of the development process, ensuring that security is an intrinsic part of the software lifecycle.

    GitHub Advanced Security:

    • Utilize GitHub Advanced Security to perform code scanning and ensure that vulnerabilities are identified and communicated early in the development cycle.

    • Collaborate closely with development teams to remediate issues identified by GitHub Advanced Security and to implement best practices for secure coding.

    Security Monitoring with Microsoft Sentinel SIEM:

    • Utilize Microsoft Sentinel SIEM for continuous security monitoring by configuring alerts, correlating log data, and analyzing potential security incidents.

    • Investigate alerts and security incidents, providing detailed documentation and remediation action plans.

    Collaboration & Stakeholder Engagement:

    • Work with application teams and business unit owners to generate risk assessments and submit risk letters aligned with the organization's IT Security and Risk Management Framework.

    • Coordinate with core network, endpoint, and server teams to address patching priorities, target patch levels, and specific CVEs associated with identified vulnerabilities.

    Compliance & Continuous Improvement:

    • Keep up-to-date with the Common Vulnerability Scoring System (CVSS) and web application vulnerability assessment methodologies.

    • Demonstrate hands-on expertise with DAST, SAST, and SCA tools while continuously seeking opportunities to refine and enhance overall security posture.

    Required Skills & Qualifications

    Experience:

    • Minimum of 3 years of direct experience handling vulnerability management tools (Rapid7, Burp Suite, GHAS, Qualys, Azure DevSecOps, Microsoft Sentinel, etc.) and 5 to 8 years in the information security domain.

    • Proven track record in implementing and managing DevSecOps practices across development pipelines.

    Technical Expertise:

    • Strong working knowledge of vulnerability assessments, scan configurations, and management of related tools.

    • Demonstrated expertise with GitHub Advanced Security for code vulnerability scanning and remediation.

    • Proficiency in leveraging Microsoft Sentinel SIEM for threat monitoring, event correlation, and incident response.

    Certifications ():

    • Certified Ethical Hacker

    • Rapid7 Certified Administrator

    • Qualys Certification

    • Azure DevSecOps

    • Microsoft Certified: Cybersecurity Architect Expert

    • GitHub Advanced Security Certification

    • Additional certifications such as Security or ITIL are advantageous; relevant DevSecOps credentials are a plus.

    Additional Attributes:

    • Excellent teamwork and communication skills with a proactive mindset geared toward continuous process improvement.

    • Capacity to effectively collaborate with cross-functional teams, vendors, and business unit owners while driving results in a fast-paced environment.

    • Applicants must be physically present in Canada and be Canadian citizens or permanent residents; this role is not open to candidates on a Work Visa/Work Permit.

    Why Join Us

    In this pivotal role, your expertise in both traditional vulnerability management and modern DevSecOps practices will directly influence our security posture. By embedding advanced tools like GitHub Advanced Security and Microsoft Sentinel SIEM into our daily operations, you will play a critical role in fortifying our digital infrastructure while fostering a culture of proactive security.

    If you're driven to innovate at the intersection of development and security, eager to lead cutting-edge initiatives, and ready to make a lasting impact, we encourage you to apply.

Position Type

Regular

CAE thanks all applicants for their interest. However, only those whose background and experience match the requirements of the role will be contacted.

Equal Opportunity Employer

CAE is an equal opportunity employer committed to providing equal employment opportunities to all applicants and employees without regard to race, nationality, colour, religion, sex, gender identity and expression, sexual orientation, disability, neurodiversity, veteran status, age, or other characteristics protected by local laws.

If you don't see yourself fully reflected in every job requirement listed in the job posting, we still encourage you to reach out and apply. At CAE, everyone is welcome to contribute to our success. Applicants needing reasonable accommodations should contact their recruiter at any point in the recruitment process. If you need assistance to submit your application because of incompatible assistive technology or a disability, please contact us at


Required Experience:

IC

Employment Type

Full-Time
