DevSecOps Engineer

Job Title: DevSecOps Engineer Location: Hybrid (4 days/week onsite)- Toronto, ON 12 Months Contract Experience Required: 8–10 years Skill Category: Digital – SecDevOps Role Overview The Client's Cyber Security Architecture & Engineering team is seeking a highly skilled DevSecOps / Software Supply Chain Security Engineer to support the enterprise rollout of secure software delivery practices. This role focuses on securing the software supply chain across CI/CD pipelines, artifact management, and dependency ecosystems. Key Responsibilities Design and implement software supply chain security strategies Secure artifact sourcing from Maven, PyPI, and internal registries Manage Artifactory and artifact governance Ensure artifact provenance, immutability, and integrity Integrate security into CI/CD pipelines Support Chainguard implementation and trusted image pipelines Drive DevSecOps adoption across engineering teams Develop dashboards, metrics, and governance standards Required Skills & Experience 8–12 years of experience in DevOps / DevSecOps (target: 8–10 years) Hands-on experience with CI/CD pipelines Strong understanding of software supply chain security Experience with Artifactory or Nexus Knowledge of SLSA (Supply-chain Levels for Software Artifacts) principles Container security experience (Chainguard preferred) Cloud experience (AWS and/or Azure) Experience with Infrastructure as Code (Terraform, Ansible, Kubernetes) Essential Skills DevSecOps Software Supply Chain Security CI/CD Security Integration Artifact Management & Governance