Vulnerability & DevOps Analyst

About This Role

• Location: Canada 
  Applicants must be physically present in Canada and must be Canadian Citizens or Permanent Residents. This role is not open to candidates on a Work Visa or Work Permit. 

  About the Role 

  We are seeking a proactive and detail-oriented

  Vulnerability & DevOps Analyst to join our growing cybersecurity team. In this hybrid role, you will be responsible for identifying and mitigating system vulnerabilities while enhancing and securing our DevOps infrastructure. Your expertise in threat detection, automation, cloud-native development, and secure coding will be pivotal in maintaining a strong security posture across the organization. 

  Key Responsibilities 

  Vulnerability Management 

  • Conduct regular vulnerability assessments using tools such as Qualys, Rapid7, Burp Suite, and GitHub Advanced Security (GHAS). 

  • Analyze vulnerability scan results and prioritize remediation based on risk, impact, and exploitability. 

  • Collaborate with system and application owners to ensure timely remediation. 

  • Prepare and deliver vulnerability reports and dashboards to stakeholders. 

  • Support patch management processes and identify systems requiring urgent updates. 

  • Conduct code scanning and Software composition analysis using GHAS. 

  • Work with development teams to remediate code issues and implement secure coding practices. 

  • Assist in audits, risk assessments, and compliance activities (ISO 27001, SOC 2, NIST, CMMC, ITAR etc.). 

  • Maintain documentation for vulnerabilities, threats, and mitigation in line with internal and external standards. 

  • Develop and maintain security policies, playbooks, and runbooks. 

  • Stay current with CVSS scoring and application vulnerability methodologies. 

  Cloud Security Posture Management (CSPM) 

  • Manage and optimize Microsoft Defender for Cloud to continuously assess and improve the security of Azure and AWS resources and services. 

  • Monitor and improve Azure & AWS Security Score, ensuring security recommendations are tracked, prioritized, and addressed. 

  • Develop and enforce Azure & AWS Policies and Initiatives to maintain governance and compliance. 

  • Manage security baselines, access controls, key vaults, encryption, and privileged identity management (PIM) across the cloud estate. 

  • Design and implement security configurations for Microsoft 365, Intune, and Entra ID (Azure AD). 

   

   

  DevOps & Secure Infrastructure 

  • Support DevOps infrastructure, including CI/CD pipelines, artifact repositories, and build/deploy automation. 

  • Apply security best practices to infrastructure-as-code (IaC) using Terraform and configuration management. 

  • Implement and manage container security in Docker, Kubernetes, ECS, or OpenShift (including RBAC, network policies). 

  • Support incident response efforts through log analysis and CI/CD pipeline tracing. 

  • Maintain and optimize cloud-native CI/CD workflows in AWS (CodePipeline, CodeBuild), Azure DevOps. 

  • Design, implement, and maintain Microsoft Sentinel for SIEM, including detection logic, correlation rules, and custom alerts. 

  • Perform threat hunting and incident response using Sentinel and ELK Stack (Elasticsearch, Logstash, Kibana). 

  • Build and maintain data pipelines using Logstash for structured log ingestion and visualization in Azure-based analytics. 

  • Administer source control platforms such as GitHub Enterprise, GitLab, or Bitbucket. 

  Stakeholder Collaboration 

  • Partner with app owners and business leaders to conduct risk assessments and submit security exception letters. 

  • Coordinate with infrastructure teams to prioritize patching, align CVE remediation, and enhance endpoint/server hardening. 

  • Collaborate with platform and engineering teams to troubleshoot and secure DevOps workflows. 

  Required Skills & Qualifications 

  • Minimum 3 years in vulnerability management with tools like Rapid7, Qualys, Burp Suite, GHAS. 

  • Minimum 3 years managing DevOps environments with a developer or infrastructure focus. 

  Technical Expertise 

  • Strong knowledge of vulnerability assessments and remediation workflows. 

  • Expertise with GitHub Advanced Security and secure coding practices. 

  • Hands-on experience with Microsoft Sentinel and ELK stack for log analysis and threat detection. 

  • Working knowledge of Terraform and cloud infrastructure automation. 

  Certifications (Required) 

  • Certified Ethical Hacker (CEH) 

  • Rapid7 Certified Administrator 

  • Qualys Certification 

  • Microsoft Certified: Cybersecurity Architect Expert 

  • GitHub Advanced Security Certification 

  Bonus certifications: CompTIA Security+, ITIL, other cyber security credentials. 

  Soft Skills 

  • Strong communication, documentation, and collaboration skills. 

  • Self-starter with a continuous improvement mindset. 

  • Ability to work across diverse teams in a fast-paced, evolving environment. 

   

  Why Join Us? 

  In this pivotal role, you will integrate modern vulnerability management with advanced DevOps practices to drive enterprise security excellence. From optimizing Microsoft Sentinel SIEM and ELK-based pipelines to deploying secure IaC with Terraform and enhancing cloud-native CI/CD, your impact will be visible, strategic, and valued. 

  If you're passionate about working at the intersection of development and cybersecurity, committed to continuous improvement, and ready to make a lasting difference—we want to hear from you. 

  We are seeking a dynamic security professional who not only can lead vulnerability management efforts but who also thrives on integrating security into every stage of the software development lifecycle. In this role, you will serve as both an individual contributor and a vital team player, championing the adoption of DevSecOps best practices. You will leveage GitHub Advanced Security to safeguard our code and Microsoft Sentinel SIEM to continuously monitor and respond to threats across our environment. If you’re passionate about marrying development and security and driving proactive risk remediation, we want to hear from you. 

   

Position Type                       

CAE thanks all applicants for their interest. However, only those whose background and experience match the requirements of the role will be contacted.

CAE is an equal opportunity employer committed to providing equal employment opportunities to all applicants and employees without regard to race, nationality, colour, religion, sex, gender indentity and expression, sexual orientation, disability, neurodiversity, veteran status, age, or other characteristics protected by local laws.

If you don't see yourself fully reflected in every job requirement listed in the job posting, we still encourage you to reach out and apply. At CAE, everyone is welcome to contribute to our success. Applicants needing reasonable accommodations should contact their recruiter at any point in the recruitment process.  If you need assistance to submit your application because of incompatible assistive technology or a disability, please contact us at [email protected]