We are hiring for this position out of our Toronto, Vancouver and Calgary offices. Successful candidates who apply outside of these areas will be expected to relocate and reside in a location that is within a commutable distance.
About the role: This is an execution-focused engineering role on the DevSecOps team. You'll work directly alongside the Senior DevSecOps Engineer and Team Lead, building real security tooling, maintaining production pipelines, and learning how security engineering works inside a federally regulated financial institution. The expectation isn't that you know everything - it's that you're technically sharp, genuinely curious, and ready to grow fast in a high-trust environment.
About the day-to-day:
Hands-on engineering (~50%)
- Build and maintain security integrations within CI/CD pipelines: SAST/DAST tooling, secrets scanning, dependency checks, and container image scanning.
- Write and maintain Terraform modules under senior review: contribute to the IaC library, fix drift, and help enforce module standards.
- Automate security tasks in Python and Bash: evidence collection scripts, alert enrichment, scheduled scans, and reporting automation.
- Support the supply-chain security program: SBOM generation, dependency pinning, and build artifact management.
- Help implement and maintain policy-as-code configurations - learning enforcement patterns at PR-time, pipeline-time, and deploy-time.
- Maintain and improve runbooks for the team's operational procedures and on-call scenarios.
Detection and security operations (~30%)
- Monitor and triage security alerts from Microsoft Sentinel, AWS Security Hub, and Azure Defender for Cloud under senior guidance.
- Contribute to incident response investigations: log analysis, timeline reconstruction, and evidence handling.
- Help tune detection rules and reduce alert noise - learn to write and modify KQL queries in Sentinel.
- Support audit evidence collection: run API-based artifact pulls, validate completeness, and maintain evidence repositories.
- Participate in vulnerability management: track scan results, validate remediations, and update the risk register with senior oversight.
Learning and growth (~20%)
- Shadow the Senior DevSecOps Engineer on architecture decisions, threat modeling sessions, and stakeholder conversations.
- Work toward a defined certification path as part of your development plan (examples: AZ-500, AWS Security Specialty).
- Join the on-call rotation progressively: start as a shadow, then, then independent as your readiness grows.
- Contribute to team documentation and the Security Centre of Excellence knowledge base.
- Bring questions. This team runs blameless retros and expects engineers at every level to flag what they don't understand.
About the qualifications:
- 1-3 years of experience in a DevOps, DevSecOps, software engineering, or security engineering role - or a strong equivalent: relevant degree with a security or cloud focus, security internships, or demonstrable personal/open-source projects that show hands-on depth.
- Working knowledge of at least one major cloud platform (AWS or Azure). You understand IAM, compute, storage, and networking basics and have built or deployed something real in it.
- Hands-on Terraform experience: can read and write modules, understand state, and debug basic provider errors. You don't need to be an expert - you need to be functional and willing to grow.
- Scripting ability in Python or Bash: can write a functional automation script from scratch.
- Basic CI/CD fluency: understand pipeline stages, artifact handling, environment variables, and why secrets don't belong in code.
- Foundational security knowledge: OWASP Top 10, common vulnerability classes (injection, broken auth, misconfigurations), and how they show up in real systems.
- Core networking concepts: TCP/IP, DNS, TLS/HTTPS, VPCs, subnets, security groups, firewalls - enough to read a network diagram and ask the right questions.
- Someone who communicates clearly in writing, asks good questions, and doesn't wait to be told something is broken.
Nice-to-have / differentiators
- Hub Actions experience: has written or modified a real workflow, not just clicked "re-run."
- Microsoft Sentinel or any SIEM exposure: run a query, investigated an alert, created a basic rule.
- Container basics: Docker, understands image layers, has run an image scan.
- Any active or in-progress certification: CompTIA Security+, AZ-900, AZ-500, AWS Cloud Practitioner, AWS Security Specialty.
- Exposure to compliance or audit processes - SOC 2, PCI-DSS, or any regulated environment - even as a junior participant.
- Familiarity with OSFI B-13 or Canadian financial services regulatory context.
- Exposure to identity and access concepts: OAuth 2.0, OIDC, SAML, or workload identity - even at a "I know what these are" level.
About the work environment: Peoples Group offers a flexible and hybrid work environment. In this role you will work a combination of in-office and remotely from home. Typically, you'll be working regular business hours, Monday to Friday between 8:00am and 4:30pm with flexibility around start/end times.
We offer:
- A hybrid work environment, enabling you to balance your personal and professional life seamlessly.
- Competitive salaries, profit sharing, RRSP matching and benefits from day one.
- Generous paid time off to help achieve a healthy work-life balance.
- A strengths-based approach, ensuring we work together more effectively.
- A commitment to your well-being in five key areas: Financial, Physical, Social, Career, and Community.
Hiring process: If your application is selected, you will be invited for a first interview with one of our Talent Acquisition Business Partners. Depending on the role, interviews may be conducted virtually or in-person. The hiring team will communicate any in-person requirements throughout the process.
Compensation: The expected salary for this role is approximately $90,000 - $100,000 annually. Actual compensation may vary based on experience, skills, and qualifications.