Jr DevSecOps Engineer

We are hiring for this position out of our Toronto, Vancouver and Calgary offices. Successful candidates who apply outside of these areas will be expected to relocate and reside in a location that is within a commutable distance.

About the role:

This is an execution-focused engineering role on the DevSecOps team. You'll work directly alongside the Senior DevSecOps Engineer and Team Lead, building real security tooling, maintaining production pipelines, and learning how security engineering works inside a federally regulated financial institution. The expectation isn't that you know everything — it's that you're technically sharp, genuinely curious, and ready to grow fast in a high-trust environment.

About the day-to-day:

Hands-on engineering (\~50%)

• Build and maintain security integrations within CI/CD pipelines: SAST/DAST tooling, secrets scanning, dependency checks, and container image scanning.
• Write and maintain Terraform modules under senior review: contribute to the IaC library, fix drift, and help enforce module standards.
• Automate security tasks in Python and Bash: evidence collection scripts, alert enrichment, scheduled scans, and reporting automation.
• Support the supply-chain security program: SBOM generation, dependency pinning, and build artifact management.
• Help implement and maintain policy-as-code configurations — learning enforcement patterns at PR-time, pipeline-time, and deploy-time.
• Maintain and improve runbooks for the team's operational procedures and on-call scenarios.

Detection and security operations (\~30%)

• Monitor and triage security alerts from Microsoft Sentinel, AWS Security Hub, and Azure Defender for Cloud under senior guidance.
• Contribute to incident response investigations: log analysis, timeline reconstruction, and evidence handling.
• Help tune detection rules and reduce alert noise — learn to write and modify KQL queries in Sentinel.
• Support audit evidence collection: run API-based artifact pulls, validate completeness, and maintain evidence repositories.
• Participate in vulnerability management: track scan results, validate remediations, and update the risk register with senior oversight.

Learning and growth (\~20%)

• Shadow the Senior DevSecOps Engineer on architecture decisions, threat modeling sessions, and stakeholder conversations.
• Work toward a defined certification path as part of your development plan (examples: AZ-500, AWS Security Specialty).
• Join the on-call rotation progressively: start as a shadow, then , then independent as your readiness grows.
• Contribute to team documentation and the Security Centre of Excellence knowledge base.
• Bring questions. This team runs blameless retros and expects engineers at every level to flag what they don't understand.

About the qualifications:

• 1–3 years of experience in a DevOps, DevSecOps, software engineering, or security engineering role — or a strong equivalent: relevant degree with a security or cloud focus, security internships, or demonstrable personal/open-source projects that show hands-on depth.
• Working knowledge of at least one major cloud platform (AWS or Azure). You understand IAM, compute, storage, and networking basics and have built or deployed something real in it.
• Hands-on Terraform experience: can read and write modules, understand state, and debug basic provider errors. You don't need to be an expert — you need to be functional and willing to grow.
• Scripting ability in Python or Bash: can write a functional automation script from scratch.
• Basic CI/CD fluency: understand pipeline stages, artifact handling, environment variables, and why secrets don't belong in code.
• Foundational security knowledge: OWASP Top 10, common vulnerability classes (injection, broken auth, misconfigurations), and how they show up in real systems.
• Core networking concepts: TCP/IP, DNS, TLS/HTTPS, VPCs, subnets, security groups, firewalls — enough to read a network diagram and ask the right questions.
• Someone who communicates clearly in writing, asks good questions, and doesn't wait to be told something is broken.

Nice-to-have / differentiators

• Hub Actions experience: has written or modified a real workflow, not just clicked "re-run."
• Microsoft Sentinel or any SIEM exposure: run a query, investigated an alert, created a basic rule.
• Container basics: Docker, understands image layers, has run an image scan.
• Any active or in-progress certification: CompTIA Security+, AZ-900, AZ-500, AWS Cloud Practitioner, AWS Security Specialty.
• Exposure to compliance or audit processes — SOC 2, PCI-DSS, or any regulated environment — even as a junior participant.
• Familiarity with OSFI B-13 or Canadian financial services regulatory context.
• Exposure to identity and access concepts: OAuth 2.0, OIDC, SAML, or workload identity — even at a "I know what these are" level.

About us:

Peoples Group is a trusted financial services company for the innovators at the forefront of Canada’s economic future. With offices in Vancouver, Calgary and Toronto, we are driving change by working alongside challenger banks, fintechs, brokers, and merchants to foster a dynamic and competitive financial ecosystem.

Our culture is built on four core behaviors: Grit to Grow, Connect to Collaborate, Putting Clients First, and Owning the Outcome. We believe people do not simply choose a company to work for—they choose a company that makes a positive impact in the lives of Canadians. Above all, we value people, build meaningful relationships, focus on individual strengths, and approach our work with passion.

About the work environment:

Peoples Group offers a flexible and hybrid work environment. In this role you will work a combination of in-office and remotely from home. Typically, you'll be working regular business hours, Monday to Friday between 8:00am and 4:30pm with flexibility around start/end times.

We offer:

• A hybrid work environment, enabling you to balance your personal and professional life seamlessly.
• Competitive salaries, profit sharing, RRSP matching and benefits from day one.
• Generous paid time off to help achieve a healthy work-life balance.
• A strengths-based approach, ensuring we work together more effectively.
• A commitment to your well-being in five key areas: Financial, Physical, Social, Career, and Community.

Hiring process:

If your application is selected, you will be invited for a first interview with one of our Talent Acquisition Business Partners. Depending on the role, interviews may be conducted virtually or in-person. The hiring team will communicate any in-person requirements throughout the process.

Compensation:

The expected salary for this role is approximately $90,000 - $100,000 annually. Actual compensation may vary based on experience, skills, and qualifications.

NOTE: This job posting is for an existing vacancy. Peoples Group is an Equal Employment Opportunity employer. Please accept our utmost appreciation for your interest; however, only those applicants under consideration will be contacted.

We value and celebrate individuality while fostering an inclusive workplace for everyone. If there's any way we can support or accommodate you during the selection process, please don't hesitate to let us know.