Sr. DevSecOps Engineer, Information Security
Overview
We are hiring for this position out of our Toronto, Vancouver and Calgary offices. Successful candidates who apply outside of these areas will be expected to relocate and reside in a location that is within a commutable distance.
About the role
We’re hiring a Senior DevSecOps Engineer with 8–10+ years of experience, deep multi-cloud expertise (AWS + Azure), strong Terraform skills, and the ability to drive technical strategy across a regulated financial institution. This is a senior individual contributor role. You’ll set technical direction for DevSecOps, partner with the AVP of Corporate Information Security on strategy, mentor and grow the team, and personally own the hardest pieces of work.
You’ll be a primary point of contact for engineering leadership, audit, and external regulators when Dev Sec Ops topics come up.
- Technical leadership and strategy (~30%):
Build and evolve the DevSecOps technical strategy across CI/CD, IaC, secure cloud architecture, detection, and compliance automation. Partner with the AVP of Corporate Information Security and the Team Lead, DevSecOps, on the security roadmap; translate risk decisions into engineering work. Collaborate on architecture decisions and ADRs for the DevSecOps platform. Champion paved roads and golden paths over one-off solutions.
Lead vendor evaluations and POCs for security tooling. Make the build-vs-buy argument with the data to back it up. Develop and maintain a Security Centre of Excellence for all new products and substantial changes, ensuring security requirements are met before they reach production. Represent DevSecOps to engineering leadership, audit (internal and external), and regulators on technical questions.
- Hands-on engineering (~40%):
Personally architect and build the hardest pieces: the IaC pipeline that gates all production change, the cross-cloud detection fabric, the SBOM/supply-chain integrity program, the secrets management migration. Drive the AWS-to-Azure migration of applications as a senior security engineering owner: design target-state controls in Azure, run gap analysis against AWS, validate equivalence before workload cutover. Architect and review Terraform at scale: module strategy, state isolation, workspace patterns, drift detection, breaking-change management.
Implement and operate policy-as-code across the SDLC: PR-time, pipeline-time, deploy-time, and runtime enforcement. Lead implementation of supply-chain security: signed builds (Sigstore/cosign), SBOM generation and storage, SLSA-aligned provenance, dependency pinning, runner isolation. Integrate, monitor, and tune SAST/DAST platforms across CI/CD pipelines. Build out Zero Trust patterns: workload identity federation, conditional access, just-in-time access and microsegmentation. Publish and disseminate CI/CD best practices, patterns, and solutions across product engineering teams.
- Compliance, audit, and risk (~20%):
Own the threat-modeling program: set the methodology (STRIDE, LINDDUN, attack-tree, MITRE ATT&CK-mapped), train others on it, ensure outputs become real backlog items. Be an engineering owner of control evidence for SOC 2, PCI-DSS and applicable Canadian regulatory expectations. Automate audit evidence collection wherever feasible: replace screenshot-based evidence with API-pulled, signed, dated artifacts. Contribute to the cybersecurity risk register and risk treatment plans; partner with GRC and Operational Risk Management. Make the case to regulators and auditors that controls are designed effectively and operating effectively. Stay current on emerging threats and regulatory changes in cloud security, AI, and automation; apply innovative solutions to enhance the security framework.
- People and team (~10%):
Mentor Intermediate and Junior DevSecOps engineers: set development goals, do code reviews that teach, sponsor stretch projects. Build the team's documentation and onboarding so it scales with hires. Contribute to a healthy on-call culture: sustainable rotations, blameless retros, runbook quality.
- Canadian regulated financial services experience (banking, trust company,…