Junior Cloud Security Engineer
Indexed description
About The Role
This is an execution-focused engineering role on the DevSecOps team. You'll work directly alongside the Senior DevSecOps Engineer and Team Lead, building real security tooling, maintaining production pipelines, and learning how security engineering works inside a federally regulated financial institution. The expectation isn't that you know everything — it's that you're technically sharp, genuinely curious, and ready to grow fast in a high-trust environment.
About The Day-to-day
Hands-on engineering (~50%)
- Build and maintain security integrations within CI/CD pipelines: SAST/DAST tooling, secrets scanning, dependency checks, and container image scanning.
- Write and maintain Terraform modules under senior review: contribute to the IaC library, fix drift, and help enforce module standards.
- Automate security tasks in Python and Bash: evidence collection scripts, alert enrichment, scheduled scans, and reporting automation.
- Support the supply-chain security program: SBOM generation, dependency pinning, and build artifact management.
- Help implement and maintain policy-as-code configurations — learning enforcement patterns at PR-time, pipeline-time, and deploy-time.
- Maintain and improve runbooks for the team's operational procedures and on-call scenarios.
- Monitor and triage security alerts from Microsoft Sentinel, AWS Security Hub, and Azure Defender for Cloud under senior guidance.
- Contribute to incident response investigations: log analysis, timeline reconstruction, and evidence handling.
- Help tune detection rules and reduce alert noise — learn to write and modify KQL queries in Sentinel.
- Support audit evidence collection: run API-based artifact pulls, validate completeness, and maintain evidence repositories.
- Participate in vulnerability management: track scan results, validate remediations, and update the risk register with senior oversight.
- Shadow the Senior DevSecOps Engineer on architecture decisions, threat modeling sessions, and stakeholder conversations.
- Work toward a defined certification path as part of your development plan (examples: AZ-500, AWS Security Specialty).
- Join the on-call rotation progressively: start as a shadow, then , then independent as your readiness grows.
- Contribute to team documentation and the Security Centre of Excellence knowledge base.
- Bring questions. This team runs blameless retros and expects engineers at every level to flag what they don't understand.
- 1–3 years of experience in a DevOps, DevSecOps, software engineering, or security engineering role — or a strong equivalent: relevant degree with a security or cloud focus, security internships, or demonstrable personal/open-source projects that show hands-on depth.
- Working knowledge of at least one major cloud platform (AWS or Azure). You understand IAM, compute, storage, and networking basics and have built or deployed something real in it.
- Hands-on Terraform experience: can read and write modules, understand state, and debug basic provider errors. You don't need to be an expert — you need to be functional and willing to grow.
- Scripting ability in Python or Bash: can write a functional automation script from scratch.
- Basic CI/CD fluency: understand pipeline stages, artifact handling, environment variables, and why secrets don't belong in code.
- Foundational security knowledge: OWASP Top 10, common vulnerability classes (injection, broken auth, misconfigurations), and how they show up in real systems.
- Core networking concepts: TCP/IP, DNS, TLS/HTTPS, VPCs, subnets, security groups, firewalls — enough to read a network diagram and ask the right questions.
- Someone who communicates clearly in writing, asks good questions, and doesn't wait to be told something is broken.
- Hub Actions experience: has written or modified a real workflow, not just clicked "re-run."
- Microsoft Sentinel or any SIEM exposure: run a query, investigated an alert, created a basic rule.
- Container basics: Docker, understands image layers, has run an image scan.
- Any active or in-progress certification: CompTIA Security+, AZ-900, AZ-500, AWS Cloud Practitioner, AWS Security Specialty.
- Exposure to compliance or audit processes — SOC 2, PCI-DSS, or any regulated environment — even as a junior participant.
- Familiarity with OSFI B-13 or Canadian financial services regulatory context.
- Exposure to identity and access concepts: OAuth 2.0, OIDC, SAML, or workload identity — even at a "I know what these are" level.
Our culture is built on four core behaviors: Grit to Grow, Connect to Collaborate, Putting Clients First, and Owning the Outcome. We believe people do not simply choose a company to work for—they choose a company that makes a positive impact in the lives of Canadians. Above all, we value people, build meaningful relationships, focus on individual strengths, and approach our work with passion.
About The Work Environment
Peoples Group offers a flexible and hybrid work environment. In this role you will work a combination of in-office and remotely from home. Typically, you'll be working regular business hours, Monday to Friday between 8:00am and 4:30pm with flexibility around start/end times.
We Offer
- A hybrid work environment, enabling you to balance your personal and professional life seamlessly.
- Competitive salaries, profit sharing, RRSP matching and benefits from day one.
- Generous paid time off to help achieve a healthy work-life balance.
- A strengths-based approach, ensuring we work together more effectively.
- A commitment to your well-being in five key areas: Financial, Physical, Social, Career, and Community.
Compensation
The expected salary for this role is approximately $90,000 - $100,000 annually. Actual compensation may vary based on experience, skills, and qualifications.
NOTE: This job posting is for an existing vacancy. Peoples Group is an Equal Employment Opportunity employer. Please accept our utmost appreciation for your interest; however, only those applicants under consideration will be contacted.
We value and celebrate individuality while fostering an inclusive workplace for everyone. If there's any way we can support or accommodate you during the selection process, please don't hesitate to let us know.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search