DevSecOps Engineering Specialist – Cloud Security Automation

Location: Montreal
Bilingual: French/English

Security isn’t a bolt-on-it’s built in. We’re seeking a DevSecOps Engineer who brings a security-first mindset to modern software and infrastructure delivery. At CGI, you’ll work across teams to integrate security seamlessly into cloud-native workflows. You will collaborate with cross-functional teams and work hands-on in designing, building, and enhancing cloud-based architectures, engineering standards, and operational excellence strategies. This role will place you at the heart of innovation, where your deep technical knowledge and strategic thinking will have a tangible impact on both our clients and CGI's future cloud initiatives. If you're a proven leader in your field and ready to shape the future of cloud technology in a dynamic, client-facing environment, we want to hear from you. This is your opportunity to work with cutting-edge technologies, influence industry-leading transformations, and be part of a collaborative, innovative team at CGI.

Who are You?
You don’t just spot vulnerabilities-you prevent them. You automate checks, embed policy into code, and champion security from the first line of YAML. You’re as comfortable in a security review as you are in a pipeline file. You are a strong communicator, equally comfortable in high-level strategic conversations and low-level technical design discussions. You understand what it takes to bridge gaps between business goals and technical execution. With a mindset rooted in continuous learning, you champion modernization, automation, and pragmatic transformation. You are trusted by stakeholders for your sound judgment, admired by peers for your depth of knowledge, and valued by teams for your ability to elevate the work around you. At CGI, we recognize top talent and give it the space and support to thrive.

• Embed security into CI/CD workflows, IaC, and runtime environments. This includes close collaboration with teams to ensure best practices are shared and adopted.
• Implement scanning tools (SAST, DAST, secret detection) in pipelines. This includes close collaboration with teams to ensure best practices are shared and adopted.
• Work with developers to improve secure coding practices. This includes close collaboration with teams to ensure best practices are shared and adopted.
• Design and enforce security controls using cloud-native services. This includes close collaboration with teams to ensure best practices are shared and adopted.
• Collaborate with security, compliance, and DevOps teams on shared goals. This includes close collaboration with teams to ensure best practices are shared and adopted.

• 3+ years in cloud security or DevSecOps roles. A commitment to continuous improvement and a drive to stay at the forefront of industry trends is essential.
• Hands-on with AWS, Azure, or GCP security tools. A commitment to continuous improvement and a drive to stay at the forefront of industry trends is essential.
• Knowledge of container and serverless security practices. A commitment to continuous improvement and a drive to stay at the forefront of industry trends is essential.
• Fluent in French and English. A commitment to continuous improvement and a drive to stay at the forefront of industry trends is essential.
• Strong scripting and automation skills (Python, Bash, etc.). A commitment to continuous improvement and a drive to stay at the forefront of industry trends is essential.

Proficiency with the following or similar technologies is required or strongly preferred:
• Security scanning and compliance tools integrated with CI/CD pipelines (e.g., SonarQube, Snyk)
• Secrets management tools (e.g., Vault, AWS Secrets Manager)
• DevOps toolchains supporting secure delivery (e.g., GitLab, Jenkins, Azure DevOps)
• Cloud security and compliance platforms (e.g., Azure Security Center, GCP SCC)
• Expertise in implementing DevSecOps pipelines using tools like GitLab, Jenkins, or Azure DevOps.
• Familiarity with secrets management tools like HashiCorp Vault or AWS Secrets Manager.
• Experience conducting threat modeling and security risk assessments.
• Knowledge of compliance frameworks (SOC2, ISO27001, GDPR).

#LI-AB19

Use of the term ‘engineering’ in this job posting refers to the technical sense related to Information Technology (IT) and does not imply that the individual practices engineering or possesses the requisite license as prescribed by the applicable provincial or territorial engineering regulator. We are seeking individuals with expertise in IT engineering-related functions, but licensure from an engineering regulator is not a prerequisite for this position. Engineering is a regulated profession in Canada which is restricted in terms of use of titles and designation.

• AWS DevOps Engineer
• Azure DevOps
• Python

Together, as owners, let’s turn meaningful insights into action.

Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…

You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.

Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.

You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

At CGI, we recognize the richness that diversity brings. We strive to create a work culture where all belong and collaborate with clients in building more inclusive communities. As an equal-opportunity employer, we want to empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.

Come join our team-one of the largest IT and business consulting services firms in the world.