DevSecOps Lead

DevSecOps Lead

---

Founded in 1996, Trisotech is a worldwide leader in digital modeling and automation.

We are seeking a dynamic DevSecOps Lead to join our agile R&D team creating industry-leading SaaS software. This person will join a growing multidisciplinary team that create, maintain and operate the various products offered by Trisotech. We are looking for someone that likes to experiment with new technology in a stimulating environment.

The main responsibility of the DevSecOps Lead is integrating security into the software development lifecycle, ensuring that security best practices are embedded in development, deployment, and operational processes. This role focuses on automating security controls, fostering a security-first culture, and enhancing the overall security posture of the organization’s technology infrastructure.

Key Responsibilities:

• Security Integration: Embed security practices within the CI/CD pipeline, ensuring secure development, testing, and deployment.
• Infrastructure development and Maintenance: Develop, execute and maintain the cloud infrastructure.
• Automation & Tooling: Implement security automation tools to detect vulnerabilities, misconfigurations, and compliance issues.
• Collaboration & Training: Work closely with the development team to promote security awareness and best practices.
• Threat Modeling & Risk Assessment: Identify and mitigate security risks in applications, infrastructure, and workflows.
• Incident Response: Lead efforts in detecting, responding to, and mitigating security incidents.
• Compliance & Governance: Ensure adherence to industry security standards and regulatory requirements (e.g., SOC2, FedRAMP, …).
• Performance Monitoring: Define and track key security metrics to continuously improve security practices.
• Cloud Security: Implement and oversee security measures for cloud environments.
• Vulnerability Management: Conduct regular security assessments and manage patching strategies to mitigate risks.
• Policy Development: Establish and maintain DevSecOps policies, guidelines, and frameworks.
• Support Operations IT Needs: Help in daily operational issues with the cloud infrastructure and employees hardware/software.
• Advise clients: Meet with our clients DevSecOps team deploying our solution on their own infrastructure to guide with recommendations.

Required Profile

• Baccalaureate in computer science, software engineering or in a related domain
• 5+ in a DevSecOps position
• Experience with the following technologies: Kubernetes, Google Cloud Platform (GCP), Helm, Git.
• Experience interacting with an agile software development team and providing CI/CD pipelines.

What a typical day may look like

This position is named DevSecOps Lead because you are a one-man army responsible for the production systems of Trisotech. You also rely on the expertise of the development team and colleagues will collaborate on a good number of projects. You manage your agenda and align your projects with the Trisotech leadership. You have a daily touchpoint with the team where you review any ongoing incident or concern, report on progress and align with team priorities. You react to events occurring during the day on the production systems and carry improvement projects. Those projects range on a wide variety of technologies. You could participate in a security audit [Monday], fix vulnerabilities based on a new CVE [Tuesday], test different static code analysis tools [Wednesday], implement a new pipeline [Thursday] to finish the week with helping a client deploy our solution on their AWS cloud.

Location: The candidate must reside in the province of Quebec. Remote work with a few meetings every year at our Laval office.

---

To apply