Développeur·se DevSecOps - DevSecOps Developer
Remote · Montréal, Quebec, Canada
Job Summary
DevSecOps Developer at Toboggan Labs will embed security into client CI/CD pipelines, automate vulnerability scanning, and harden cloud infrastructure across AWS or Azure. You will design secure IAM architectures with SSO/MFA, integrate security tooling into CI/CD pipelines (SAST, SCA, container image scanning) in GitHub Actions/ArgoCD/Jenkins, and contribute to SOC 2, HIPAA, and ISO 27001 programs. The role may involve technical leadership on certain projects, documenting architectures, and collaborating with client teams to deliver secure, compliant environments. While healthcare/regulatory work is common, projects span multiple sectors. The position is remote-first with office in Montreal and openness to candidates anywhere in the EST±2 timezone in Canada. Qualifications include 5+ years in software development/DevOps/security, hands-on cloud infrastructure experience, strong CI/CD integration skills, identity-provider management (Okta/Azure AD), security and compliance knowledge, excellent communication, adaptability, and potentially client-facing experience. Bonus: experience with container security, Kubernetes, automation scripts, MDM, and relevant certifications.
Required Qualifications
- 5+ years of experience in software development, DevOps, or application security
- hands-on experience with AWS or Azure infrastructure and infrastructure-as-code tools (Terraform, CloudFormation or equivalents)
- strong experience with CI/CD pipelines (GitHub Actions, ArgoCD, Jenkins or equivalents) and integrating security tooling into deployment workflows
- deployed and administered identity providers (Okta or similar) including SSO, MFA, SCIM provisioning, and access governance
- familiar with security best practices for cloud infrastructure (network security, IAM, encryption, vulnerability management)
- familiar with compliance frameworks (SOC 2, HIPAA, ISO 27001 or equivalents)
- excellent communication skills to explain security and infrastructure concepts to varied audiences
- adaptable, autonomous, and comfortable in dynamic client environments
- experience in client-facing roles such as consulting, implementation engineering, or advisory work
- experience with container security, Kubernetes, or cloud-native security tools (Falco, OPA, Trivy, or equivalents)
- security automation using scripts (Python, Bash) or workflow tools
- MDM/endpoint management experience
- relevant certifications (AWS Security Specialty, CKS, CISSP or equivalents)
Apply with one swipe on Sorce. We auto-fill applications and apply on your behalf — no cover letters, no 40-minute forms.
Hiring someone like this?
Get your role in front of qualified candidates on Sorce.