New Value Solutions, a national IT consulting company, is seeking a Security Engineer to join our client's DevSecOps team. This is a 7 month contract role focuses on integrating security throughout the software development lifecycle (SDLC), ensuring applications and infrastructure are securely designed, developed, and deployed. You will work alongside DevOps teams to embed secure coding practices, threat modeling, vulnerability management, and compliance monitoring within CI/CD pipelines and cloud environments.

This is a hybrid role requiring that you work 3 days/week onsite in Richmond, BC.

Responsibilities:

• Conduct threat modeling to identify and mitigate risks during design and architecture phases.
• Perform secure design reviews, code reviews, and penetration testing (black/white box).
• Execute SCA, SAST, and DAST analysis using industry-standard tools.
• Integrate security tools and processes within CI/CD pipelines.
• Define and maintain Azure security policies for secure deployment of cloud components.
• Design and implement security building blocks for DevOps-developed products.
• Manage security and risk processes across the entire SDLC.
• Develop and execute security user stories and consultations for product teams.
• Validate and tune security testing tools to ensure accuracy and relevance.
• Guide DevOps teams in embedding secure design practices into their workflow.
• Deliver training on secure coding and hacking techniques to development teams.
• Lead selection, PoC, and operational deployment of security technologies.
• Ensure compliance of application and infrastructure designs with security standards.
• Participate in security incident responses and continuous monitoring throughout SDLC.
• Coach and cross-train internal teams and staff on secure development principles.

Requirements:

• Undergraduate degree in Computer Science or STEM field.
• Minimum of 6 years' experience in progressively complex Security Engineer roles.
• Professional certification such as CISSP, CEH, or equivalent.
• Deep expertise in:
• Threat modeling
• Secure code and design reviews
• Penetration testing for web applications
• Security controls across the application stack
• SCA (Software Composition Analysis), SAST, and DAST tools
• Familiarity with integrating security within CI/CD pipelines.
• Proven experience with Azure security policies and cloud security best practices.

If you have the necessary expertise and are able to work in Canada, please submit your resume. While we thank all candidates in advance for their application, only those shortlisted will be contacted.

ID#:5055

The hourly rate range for this position is $80 - $110, with the final rate based on consultant experience and fit for the role.