DevSecOps Analyst / Advisor - Snyk Specialist Job Description

Category: Cyber Security

Main location: Canada, Quebec, Montréal

Position ID:J0626-1247

Employment Type: Full Time

Position Description:

Work Mode: Hybrid (2 days/week onsite)

Job Description

We are seeking a DevSecOps Specialist with hands-on experience in the implementation, integration, and operation of the Snyk platform within an enterprise DevSecOps environment. The ideal candidate will help strengthen application security by integrating security controls into CI/CD pipelines, supporting development teams, and ensuring effective vulnerability management.

Key Responsibilities
Deploy, configure, and administer Snyk solutions within an enterprise environment.
Integrate Snyk into CI/CD pipelines, preferably using GitLab CI/CD.
Configure and maintain automated security controls, quality thresholds, and security gates within delivery pipelines.
Support development teams in identifying and remediating security vulnerabilities.
Integrate applications and code repositories into the Snyk platform.
Analyze, assess, and prioritize identified vulnerabilities.
Manage false positives, risk acceptance processes, and remediation workflows.
Develop and maintain security dashboards, KPIs, and reports for stakeholders.
Contribute to the continuous improvement of DevSecOps practices and vulnerability management processes.

Your future duties and responsibilities:

Required Experience
Minimum of 3 years of experience in Application Security, DevSecOps, or administration of DevSecOps tools.
Minimum of 2 years of hands-on experience with Snyk.
Experience with one or more of the following Snyk modules:
Snyk Open Source (Software Composition Analysis - SCA)
Snyk Code (Static Application Security Testing - SAST)
Snyk Container
Snyk Infrastructure as Code (IaC)
Technical Skills
Experience integrating Snyk into CI/CD pipelines, preferably using GitLab CI/CD.
Experience configuring automated security controls, quality gates, and security checks.
Strong understanding of the following concepts:
Software Composition Analysis (SCA)
Static Application Security Testing (SAST)
Container Security
Infrastructure as Code (IaC) Security
Vulnerability Management and Remediation Processes

Required qualifications to be successful in this role:

Desired Hands-On Experience
Integrating and managing applications and repositories within the Snyk platform.
Analyzing, assessing, and prioritizing security vulnerabilities.
Supporting development teams in vulnerability remediation activities.
Managing false positives and risk acceptance processes.
Tracking remediation plans and vulnerability management workflows.
Creating and maintaining security dashboards, metrics, and reporting.
Candidate Profile
Excellent communication and collaboration skills, with the ability to work effectively across multidisciplinary teams.
Ability to clearly communicate security concepts and risks to both technical teams and business stakeholders.
Strong analytical skills, attention to detail, and ability to work independently.
Continuous improvement mindset with a focus on automating security practices and processes.
Compensation

CGI provides a reasonable estimate of the salary range for this position. The compensation range is determined based on various factors, including skills, geographic market, experience, education, professional licenses, and certifications. Compensation decisions are made based on the specific circumstances of each candidate.The estimated salary range for this position is $60,000 to $115,000 CAD.

#LI-AM

Bilingualism (French and English) is required for this position due to the nature of the role requiring interaction with national and global clients.

Skills:

• French
• DevOps
• GitLab
• Infrastructure as a Code
• Quality assurance
• Vulnerability management(IAVM)