About the Role
We are seeking a dynamic security professional who not only can lead vulnerability management efforts but who also thrives on integrating security into every stage of the software development lifecycle. In this role, you will serve as both an individual contributor and a vital team player, championing the adoption of DevSecOps best practices. You will leverage GitHub Advanced Security to safeguard our code and Microsoft Sentinel SIEM to continuously monitor and respond to threats across our environment. If you’re passionate about marrying development and security and driving proactive risk remediation, we want to hear from you.
Key Responsibilities
Vulnerability Management & Remediation:
Coordinate and manage timely remediation of security vulnerabilities across a variety of technologies and platforms.
Identify, resolve, and document false positives within vulnerability assessment results.
Oversee weekly, monthly, and ad hoc vulnerability assessments on servers, endpoints, network assets, public-facing systems, and databases using tools like Rapid7, Burp Suite, GHAS and Qualys.
Manage scan configurations—including asset grouping, updating scan templates and engine pools, and scheduling scans—and troubleshoot issues such as authentication failures or asset misconfigurations.
Tool & Process Integration:
Deploy and maintain comprehensive vulnerability management tools (e.g., Qualys, Rapid7 architecture, scan engines, collector servers, agents, and query builders).
Collaborate with vendors and internal teams to ensure seamless tool integrations, support ticket management, and continuous improvement of scanning processes.
DevSecOps Implementation:
Integrate security practices into CI/CD pipelines by embedding automation and agile scanning tools throughout the development lifecycle.
Apply DevSecOps methodologies to continuously monitor, detect, and remediate vulnerabilities as part of the development process, ensuring that security is an intrinsic part of the software lifecycle.
GitHub Advanced Security:
Utilize GitHub Advanced Security to perform code scanning and ensure that vulnerabilities are identified and communicated early in the development cycle.
Collaborate closely with development teams to remediate issues identified by GitHub Advanced Security and to implement best practices for secure coding.
Security Monitoring with Microsoft Sentinel SIEM:
Utilize Microsoft Sentinel SIEM for continuous security monitoring by configuring alerts, correlating log data, and analyzing potential security incidents.
Investigate alerts and security incidents, providing detailed documentation and remediation action plans.
Collaboration & Stakeholder Engagement:
Work with application teams and business unit owners to generate risk assessments and submit risk letters aligned with the organization’s IT Security and Risk Management Framework.
Coordinate with core network, endpoint, and server teams to address patching priorities, target patch levels, and specific CVEs associated with identified vulnerabilities.
Compliance & Continuous Improvement:
Keep up to date with the Common Vulnerability Scoring System (CVSS) and web application vulnerability assessment methodologies.
Demonstrate hands-on expertise with DAST, SAST, and SCA tools while continuously seeking opportunities to refine and enhance overall security posture.
Required Skills & Qualifications
Experience:
Minimum of 3 years of direct experience handling vulnerability management tools (Rapid7, Burp Suite, GHAS, Qualys, Azure DevSecOps, Microsoft Sentinel, etc.) and 5 to 8 years in the information security domain.
Proven track record in implementing and managing DevSecOps practices across development pipelines.
Technical Expertise:
Strong working knowledge of vulnerability assessments, scan configurations, and management of related tools.
Demonstrated expertise with GitHub Advanced Security for code vulnerability scanning and remediation.
Proficiency in leveraging Microsoft Sentinel SIEM for threat monitoring, event correlation, and incident response.
Certifications (Required):
Certified Ethical Hacker
Rapid7 Certified Administrator
Qualys Certification
Azure DevSecOps
Microsoft Certified: Cybersecurity Architect Expert
GitHub Advanced Security Certification
Additional certifications such as Security+ or ITIL are advantageous; relevant DevSecOps credentials are a plus.
Additional Attributes:
Excellent teamwork and communication skills with a proactive mindset geared toward continuous process improvement.
Capacity to effectively collaborate with cross-functional teams, vendors, and business unit owners while driving results in a fast-paced environment.
Applicants must be physically present in Canada and be Canadian citizens or permanent residents; this role is not open to candidates on a Work Visa/Work Permit.
Why Join Us?
In this pivotal role, your expertise in both traditional vulnerability management and modern DevSecOps practices will directly influence our security posture. By embedding advanced tools like GitHub Advanced Security and Microsoft Sentinel SIEM into our daily operations, you will play a critical role in fortifying our digital infrastructure while fostering a culture of proactive security.
If you’re driven to innovate at the intersection of development and security, eager to lead cutting-edge initiatives, and ready to make a lasting impact, we encourage you to apply.
Position Type
Regular
CAE thanks all applicants for their interest. However, only those whose background and experience match the requirements of the role will be contacted.
CAE is an equal opportunity employer committed to providing equal employment opportunities to all applicants and employees without regard to race, nationality, colour, religion, sex, gender identity and expression, sexual orientation, disability, neurodiversity, veteran status, age, or other characteristics protected by local laws.
If you don't see yourself fully reflected in every job requirement listed in the job posting, we still encourage you to reach out and apply. At CAE, everyone is welcome to contribute to our success. Applicants needing reasonable accommodations should contact their recruiter at any point in the recruitment process. If you need assistance to submit your application because of incompatible assistive technology or a disability, please contact us at CAECarrieres-Careers@cae.com.
We are committed to hiring military and Veteran spouses and encourage you to identify your connection with the MSEN when reaching out to us or applying to any of our open roles.
Have questions or want to learn more about us? We would love to hear from you!
cynthia.kamikazi@cae.com
About CAE
At CAE, we equip people in critical roles with the expertise and solutions to create a safer world.
As a technology company, we digitalize the physical world, deploying software-based simulation training and critical operations support solutions. Above all else, we empower pilots, cabin crew, airlines, and defence and security forces to perform at their best every day and when the stakes are the highest. Around the globe, we’re everywhere customers need us to be with more than 13,000 employees in approximately 250 sites and training locations in over 40 countries. CAE represents more than 75 years of industry firsts—the highest-fidelity flight and mission simulators as well as training programs powered by digital technologies. We embed sustainability in everything we do. Today and tomorrow, we’ll make sure our customers are ready for the moments that matter.