Vulnerability & DevOps Analyst

1 Year ago • 3 Years + • Cyber Security

Job Summary

Job Description

We are seeking a proactive and detail-oriented Vulnerability & DevOps Analyst to join our growing cybersecurity team. In this hybrid role, you will be responsible for identifying and mitigating system vulnerabilities while enhancing and securing our DevOps infrastructure. Your expertise in threat detection, automation, cloud-native development, and secure coding will be pivotal in maintaining a strong security posture across the organization. Key responsibilities include vulnerability management, cloud security posture management, and supporting DevOps & secure infrastructure. You will also collaborate with stakeholders to ensure security best practices are implemented.
Must have:
  • Minimum 3 years in vulnerability management with tools like Rapid7, Qualys, Burp Suite, GHAS.
  • Minimum 3 years managing DevOps environments with a developer or infrastructure focus.
  • Strong knowledge of vulnerability assessments and remediation workflows.
  • Expertise with GitHub Advanced Security and secure coding practices.
  • Hands-on experience with Microsoft Sentinel and ELK stack for log analysis and threat detection.
  • Working knowledge of Terraform and cloud infrastructure automation.
  • Certified Ethical Hacker (CEH)
  • Rapid7 Certified Administrator
  • Qualys Certification
  • Microsoft Certified: Cybersecurity Architect Expert
  • GitHub Advanced Security Certification
  • Strong communication, documentation, and collaboration skills.
  • Self-starter with a continuous improvement mindset.
  • Ability to work across diverse teams in a fast-paced, evolving environment.
Good to have:
  • CompTIA Security+
  • ITIL
  • other cyber security credentials.

Job Details

About This Role

                                                                                                         

  • Location: Canada 
    Applicants must be physically present in Canada and must be Canadian Citizens or Permanent Residents. This role is not open to candidates on a Work Visa or Work Permit. 

    About the Role 

    We are seeking a proactive and detail-oriented

    Vulnerability & DevOps Analyst to join our growing cybersecurity team. In this hybrid role, you will be responsible for identifying and mitigating system vulnerabilities while enhancing and securing our DevOps infrastructure. Your expertise in threat detection, automation, cloud-native development, and secure coding will be pivotal in maintaining a strong security posture across the organization. 

    Key Responsibilities 

    Vulnerability Management 

    • Conduct regular vulnerability assessments using tools such as Qualys, Rapid7, Burp Suite, and GitHub Advanced Security (GHAS). 

    • Analyze vulnerability scan results and prioritize remediation based on risk, impact, and exploitability. 

    • Collaborate with system and application owners to ensure timely remediation. 

    • Prepare and deliver vulnerability reports and dashboards to stakeholders. 

    • Support patch management processes and identify systems requiring urgent updates. 

    • Conduct code scanning and Software composition analysis using GHAS. 

    • Work with development teams to remediate code issues and implement secure coding practices. 

    • Assist in audits, risk assessments, and compliance activities (ISO 27001, SOC 2, NIST, CMMC, ITAR etc.). 

    • Maintain documentation for vulnerabilities, threats, and mitigation in line with internal and external standards. 

    • Develop and maintain security policies, playbooks, and runbooks. 

    • Stay current with CVSS scoring and application vulnerability methodologies. 

    Cloud Security Posture Management (CSPM) 

    • Manage and optimize Microsoft Defender for Cloud to continuously assess and improve the security of Azure and AWS resources and services. 

    • Monitor and improve Azure & AWS Security Score, ensuring security recommendations are tracked, prioritized, and addressed. 

    • Develop and enforce Azure & AWS Policies and Initiatives to maintain governance and compliance. 

    • Manage security baselines, access controls, key vaults, encryption, and privileged identity management (PIM) across the cloud estate. 

    • Design and implement security configurations for Microsoft 365, Intune, and Entra ID (Azure AD). 

     

     

    DevOps & Secure Infrastructure 

    • Support DevOps infrastructure, including CI/CD pipelines, artifact repositories, and build/deploy automation. 

    • Apply security best practices to infrastructure-as-code (IaC) using Terraform and configuration management. 

    • Implement and manage container security in Docker, Kubernetes, ECS, or OpenShift (including RBAC, network policies). 

    • Support incident response efforts through log analysis and CI/CD pipeline tracing. 

    • Maintain and optimize cloud-native CI/CD workflows in AWS (CodePipeline, CodeBuild), Azure DevOps. 

    • Design, implement, and maintain Microsoft Sentinel for SIEM, including detection logic, correlation rules, and custom alerts. 

    • Perform threat hunting and incident response using Sentinel and ELK Stack (Elasticsearch, Logstash, Kibana). 

    • Build and maintain data pipelines using Logstash for structured log ingestion and visualization in Azure-based analytics. 

    • Administer source control platforms such as GitHub Enterprise, GitLab, or Bitbucket. 

    Stakeholder Collaboration 

    • Partner with app owners and business leaders to conduct risk assessments and submit security exception letters. 

    • Coordinate with infrastructure teams to prioritize patching, align CVE remediation, and enhance endpoint/server hardening. 

    • Collaborate with platform and engineering teams to troubleshoot and secure DevOps workflows. 

    Required Skills & Qualifications 

    • Minimum 3 years in vulnerability management with tools like Rapid7, Qualys, Burp Suite, GHAS. 

    • Minimum 3 years managing DevOps environments with a developer or infrastructure focus. 

    Technical Expertise 

    • Strong knowledge of vulnerability assessments and remediation workflows. 

    • Expertise with GitHub Advanced Security and secure coding practices. 

    • Hands-on experience with Microsoft Sentinel and ELK stack for log analysis and threat detection. 

    • Working knowledge of Terraform and cloud infrastructure automation. 

    Certifications (Required) 

    • Certified Ethical Hacker (CEH) 

    • Rapid7 Certified Administrator 

    • Qualys Certification 

    • Microsoft Certified: Cybersecurity Architect Expert 

    • GitHub Advanced Security Certification 

    Bonus certifications: CompTIA Security+, ITIL, other cyber security credentials. 

    Soft Skills 

    • Strong communication, documentation, and collaboration skills. 

    • Self-starter with a continuous improvement mindset. 

    • Ability to work across diverse teams in a fast-paced, evolving environment. 

     

    Why Join Us? 

    In this pivotal role, you will integrate modern vulnerability management with advanced DevOps practices to drive enterprise security excellence. From optimizing Microsoft Sentinel SIEM and ELK-based pipelines to deploying secure IaC with Terraform and enhancing cloud-native CI/CD, your impact will be visible, strategic, and valued. 

    If you're passionate about working at the intersection of development and cybersecurity, committed to continuous improvement, and ready to make a lasting difference—we want to hear from you. 

    We are seeking a dynamic security professional who not only can lead vulnerability management efforts but who also thrives on integrating security into every stage of the software development lifecycle. In this role, you will serve as both an individual contributor and a vital team player, championing the adoption of DevSecOps best practices. You will leveage GitHub Advanced Security to safeguard our code and Microsoft Sentinel SIEM to continuously monitor and respond to threats across our environment. If you’re passionate about marrying development and security and driving proactive risk remediation, we want to hear from you. 

Position Type                       

Regular

CAE thanks all applicants for their interest. However, only those whose background and experience match the requirements of the role will be contacted.

Equal Opportunity Employer 

CAE is an equal opportunity employer committed to providing equal employment opportunities to all applicants and employees without regard to race, nationality, colour, religion, sex, gender indentity and expression, sexual orientation, disability, neurodiversity, veteran status, age, or other characteristics protected by local laws.

If you don't see yourself fully reflected in every job requirement listed in the job posting, we still encourage you to reach out and apply. At CAE, everyone is welcome to contribute to our success. Applicants needing reasonable accommodations should contact their recruiter at any point in the recruitment process.  If you need assistance to submit your application because of incompatible assistive technology or a disability, please contact us at CAECarrieres-Careers@cae.com

Similar Jobs

rivos - PCB Designer

rivos

Santa Clara, California, United States (On-Site)
3 Years ago
rivos - Thermal/Mechanical Engineer

rivos

Santa Clara, California, United States (Hybrid)
5 Months ago
Visa - Sr. Director, Enterprise & Operational Risk Management

Visa

Atlanta, Georgia, United States (Hybrid)
2 Weeks ago
sony global (Games) - Product & Service Management PIC

sony global (Games)

Shanghai, China (On-Site)
3 Months ago
Epic Games - Senior AI Designer

Epic Games

Cary, North Carolina, United States (On-Site)
3 Months ago
Rackspace Technology - Network Security Engineer III - IN (Professional Services Delivery Engineer III)

Rackspace Technology

Gurugram, Haryana, India (Hybrid)
2 Weeks ago
Rackspace Technology - Security Engineer L3 (Endpoint Security)

Rackspace Technology

Gurugram, Haryana, India (Remote)
4 Months ago
Granicus - Senior Security Analyst

Granicus

Bengaluru, Karnataka, India (Hybrid)
10 Months ago
Morning Star - Security Analyst L1

Morning Star

Mumbai, Maharashtra, India (Hybrid)
1 Year ago
Mozilla - Staff Security Engineer

Mozilla

Canada (Remote)
2 Months ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

Sierra - Commercial Counsel

Sierra

San Francisco, California, United States (On-Site)
3 Weeks ago
DNEG - FX TD (DNEG Animation)

DNEG

Mumbai, Maharashtra, India (On-Site)
1 Year ago
Discord - Group Product Marketing Manager, Shop

Discord

California, United States (On-Site)
1 Month ago
Regrello - Software Engineer

Regrello

United States (Hybrid)
2 Years ago
Capgemini - Java

Capgemini

Hyderabad, Telangana, India (On-Site)
3 Months ago
22squared - Sr Media Manager, Digital Investment

22squared

Atlanta, Georgia, United States (Hybrid)
2 Months ago
Tesla - New Product Introduction Engineer, Vehicle

Tesla

Brandenburg, Germany (On-Site)
6 Months ago
NBC Universal - Executive Producer

NBC Universal

Fort Worth, Texas, United States (On-Site)
3 Months ago
Palo Alto Networks - Senior Manager, FP&A - Cloud Delivered Security Services (CDSS)

Palo Alto Networks

Santa Clara, California, United States (On-Site)
2 Weeks ago
Square - Salesperson M/F/D - 10h and 20h on call

Square

Zweibrücken, Rhineland-Palatinate, Germany (On-Site)
2 Weeks ago

Get notifed when new similar jobs are uploaded

Jobs in Montreal, Quebec, Canada

2K - Senior Gameplay Systems Engineer

2K

Burnaby, British Columbia, Canada (Hybrid)
3 Months ago
Ubisoft - Senior ML Programmer

Ubisoft

Montreal, Quebec, Canada (On-Site)
7 Months ago
Luxoft - Java Team Lead

Luxoft

Toronto, Ontario, Canada (On-Site)
8 Months ago
Super.com - Senior Software Engineer - Full-Stack

Super.com

Canada (Remote)
4 Months ago
Thales - Senior Naval Systems Engineer

Thales

Ottawa, Ontario, Canada (Hybrid)
2 Months ago
Sika Group - Technical Sales Representative - Flooring (Central Region)

Sika Group

Oakville, Ontario, Canada (On-Site)
1 Month ago
Cadence - Lead Verification Engineer

Cadence

Montreal, Quebec, Canada (On-Site)
2 Months ago
Epic Games - Lead Programmer

Epic Games

Montreal, Quebec, Canada (On-Site)
6 Months ago
Side - German - Localization Video Game QA Tester

Side

Montreal, Quebec, Canada (On-Site)
2 Weeks ago
Highspot - Sr. Software Development Engineer, EcoSystems

Highspot

Vancouver, British Columbia, Canada (Hybrid)
2 Months ago

Get notifed when new similar jobs are uploaded

Cyber Security Jobs

Rippling - Senior Security Engineer - Corporate Security

Rippling

San Francisco, California, United States (Remote)
3 Months ago
ARHS - Cloud Engineer / Security and Compliance Specialist

ARHS

Brussels, Brussels, Belgium (Remote)
8 Months ago
Vercel - Software Engineer, CDN Security

Vercel

San Francisco, California, United States (Hybrid)
2 Months ago
Varonis  - Full-Stack engineer - AI Security

Varonis

Herzliya, Tel Aviv District, Israel (Hybrid)
4 Months ago
Zscaler - Senior Staff Devops Engineer (Terraform/Security Solutions)

Zscaler

Bengaluru, Karnataka, India (Hybrid)
2 Months ago
Abridge - Lead Security Engineer

Abridge

New York, New York, United States (Hybrid)
4 Months ago
QS Quacquarelli Symonds  - IT Security Specialist

QS Quacquarelli Symonds

Bengaluru, Karnataka, India (Hybrid)
1 Month ago
Varonis  - PySpark Backend Engineer – AI Security

Varonis

Herzliya, Tel Aviv District, Israel (Hybrid)
1 Month ago
Qualcomm - Senior Staff Security Infrastructure Software Engineer

Qualcomm

Iași, Iași County, Romania (On-Site)
2 Months ago
Motorola solutions - Cybersecurity Sales Account Executive

Motorola solutions

United States (Remote)
2 Weeks ago

Get notifed when new similar jobs are uploaded

About The Company

At CAE, we equip people in critical roles with the expertise and solutions to create a safer world. As a technology company, we digitalize the physical world, deploying simulation training and critical operations support solutions. Above all else, we empower pilots, airlines, defence and security forces to perform at their best every day and when the stakes are the highest. Around the globe, we’re everywhere customers need us to be with more than 13,000 employees in approximately 250 sites and training locations in over 40 countries.


CAE represents more than 75 years of industry firsts—the highest-fidelity flight, mission simulators and training programs powered by digital technologies. We embed sustainability in everything we do. Today and tomorrow, we’ll make sure our customers are ready for the moments that matter.

Tampa, Florida, United States (On-Site)

Montreal, Quebec, Canada (On-Site)

Toluca, State Of Mexico, Mexico (On-Site)

Arlington, Texas, United States (On-Site)

Tampa, Florida, United States (On-Site)

Ottawa, Ontario, Canada (On-Site)

Montreal, Quebec, Canada (On-Site)

Montreal, Quebec, Canada (On-Site)

View All Jobs

Get notified when new jobs are added by CAE

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug