Jr DevSecOps Engineer

Peoples Group is a trusted financial services company for innovators in Canada’s economic future. They are seeking a Jr DevSecOps Engineer to work alongside the Senior DevSecOps Engineer, focusing on building security tooling, maintaining production pipelines, and enhancing security engineering practices within a federally regulated financial institution.

Responsibilities

• Build and maintain security integrations within CI/CD pipelines: SAST/DAST tooling, secrets scanning, dependency checks, and container image scanning
• Write and maintain Terraform modules under senior review: contribute to the IaC library, fix drift, and help enforce module standards
• Automate security tasks in Python and Bash: evidence collection scripts, alert enrichment, scheduled scans, and reporting automation
• Support the supply-chain security program: SBOM generation, dependency pinning, and build artifact management
• Help implement and maintain policy-as-code configurations — learning enforcement patterns at PR-time, pipeline-time, and deploy-time
• Maintain and improve runbooks for the team's operational procedures and on-call scenarios
• Monitor and triage security alerts from Microsoft Sentinel, AWS Security Hub, and Azure Defender for Cloud under senior guidance
• Contribute to incident response investigations: log analysis, timeline reconstruction, and evidence handling
• Help tune detection rules and reduce alert noise — learn to write and modify KQL queries in Sentinel
• Support audit evidence collection: run API-based artifact pulls, validate completeness, and maintain evidence repositories
• Participate in vulnerability management: track scan results, validate remediations, and update the risk register with senior oversight
• Shadow the Senior DevSecOps Engineer on architecture decisions, threat modeling sessions, and stakeholder conversations
• Work toward a defined certification path as part of your development plan (examples: AZ-500, AWS Security Specialty)
• Join the on-call rotation progressively: start as a shadow, then independent as your readiness grows
• Contribute to team documentation and the Security Centre of Excellence knowledge base
• Bring questions. This team runs blameless retros and expects engineers at every level to flag what they don't understand

Skills

• 1–3 years of experience in a DevOps, DevSecOps, software engineering, or security engineering role — or a strong equivalent: relevant degree with a security or cloud focus, security internships, or demonstrable personal/open-source projects that show hands-on depth
• Working knowledge of at least one major cloud platform (AWS or Azure). You understand IAM, compute, storage, and networking basics and have built or deployed something real in it
• Hands-on Terraform experience: can read and write modules, understand state, and debug basic provider errors. You don't need to be an expert — you need to be functional and willing to grow
• Scripting ability in Python or Bash: can write a functional automation script from scratch
• Basic CI/CD fluency: understand pipeline stages, artifact handling, environment variables, and why secrets don't belong in code
• Foundational security knowledge: OWASP Top 10, common vulnerability classes (injection, broken auth, misconfigurations), and how they show up in real systems
• Core networking concepts: TCP/IP, DNS, TLS/HTTPS, VPCs, subnets, security groups, firewalls — enough to read a network diagram and ask the right questions
• Someone who communicates clearly in writing, asks good questions, and doesn't wait to be told something is broken
• Hub Actions experience: has written or modified a real workflow, not just clicked 're-run.'
• Microsoft Sentinel or any SIEM exposure: run a query, investigated an alert, created a basic rule
• Container basics: Docker, understands image layers, has run an image scan
• Any active or in-progress certification: CompTIA Security+, AZ-900, AZ-500, AWS Cloud Practitioner, AWS Security Specialty
• Exposure to compliance or audit processes — SOC 2, PCI-DSS, or any regulated environment — even as a junior participant
• Familiarity with OSFI B-13 or Canadian financial services regulatory context
• Exposure to identity and access concepts: OAuth 2.0, OIDC, SAML, or workload identity — even at a 'I know what these are' level

Benefits

• A hybrid work environment, enabling you to balance your personal and professional life seamlessly.
• Competitive salaries, profit sharing, RRSP matching and benefits from day one.
• Generous paid time off to help achieve a healthy work-life balance.
• A strengths-based approach, ensuring we work together more effectively.
• A commitment to your well-being in five key areas: Financial, Physical, Social, Career, and Community.

Company Overview