DevSecOps Engineer – Software Supply Chain Security

Dev Sec Ops  Engineer

Location:

Toronto, ON

Hybrid (4 days/week onsite)

Experience

Required:

8–10 years

Skill Category:
Digital – Sec Dev Ops

The State Street Cyber Security Architecture & Engineering team is seeking a highly skilled Dev Sec Ops  / Software Supply Chain Security Engineer to support the enterprise rollout of secure software delivery practices. This role focuses on securing the software supply chain across CI/CD pipelines, artifact management, and dependency ecosystems.

• Design and implement software supply chain security strategies
• Secure artifact sourcing from Maven, PyPI, and internal registries
• Manage Artifactory and artifact governance
• Ensure artifact provenance, immutability, and integrity
• Integrate security into CI/CD pipelines
• Support Chainguard implementation and trusted image pipelines
• Drive Dev Sec Ops  adoption across engineering teams
• Develop dashboards, metrics, and governance standards

• 8–12 years of experience in Dev Ops / Dev Sec Ops  (target: 8–10 years)
• Hands‑on experience with CI/CD pipelines
• Strong understanding of software supply chain security
• Experience with Artifactory or Nexus
• Knowledge of SLSA (Supply-chain Levels for Software Artifacts) principles
• Container security experience (Chainguard preferred)
• Cloud experience (AWS and/or Azure)
• Experience with Infrastructure as Code (Terraform, Ansible, Kubernetes)

• Dev Sec Ops
• Software Supply Chain Security
• CI/CD Security Integration
• Artifact Management & Governance