Canadian National Railway: Specialist Devsecops

  • Company:
  • Location:
  • Salary:
    negotiable / month
  • Job type:
  • Posted:
    1 week ago
  • Category:

At CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T;) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely and our employees can focus on value-added tasks. You will be able to develop your skills and career in our close-knit, safety-focused culture working together as ONE TEAM. The careers we offer are meaningful because the work we do matters. Join us!Job This role will also be involved in the definition of DevSecOps practices, secure development, and process evaluation. As a DevSecOps specialist you will work collaboratively with the continuous integration and software engineering teams to deliver and operate development & test systems. You will help automate and streamline product operations and processes; build and maintain tools for deployment, monitoring and operations; and troubleshoot / resolve issues in our development, test and production environments and act on occasion in the role of a key systems administrator for various DevOps systems.Main DevSecOpsManage shared systems and services, docker orchestrator, service registry, secrets management and more.Write production-quality tools to reduce toil for the engineering team and help automate the technical ecosystem to help us scale.Assist other teams to utilize our observability tools and scripts to debug production systems.Help shape the technologies used to solve some of our fundamental challenges (e.G. CI/CD, container orchestration, logging, security, etc.) ExperienceMinimum 7 years overall work experience5+ years’ experience in Software Development, DevOps, and CloudExperience designing, configuring, and deploying DevOps systems and toolsKnowledge of container security, especially Kubernetes, an assetMulti- cloud experience including AWS, Azure, and Google Cloud Platform, an assetExperience with Agile and SAFe methodologies, an assetExperience with the duties required of a SRE, an assetEducation/Certification/DesignationBachelor’s or master’s degree in Computer Science, Computer Engineering, Electrical Engineering, or another relevant fieldDevOps Certification an assetAzure certification an assetGoogle certification an assetSecurity certification: e.G. Certified Information Systems Security Professional (CISSP), Certificate of Cloud Security Knowledge (CCSK), Certified Cloud Security Professional (CCSP), GIAC Cloud Security Automation (GCSA), etc. an assetGeneral Skills and CompetenciesAbility to define and organise an architecture security apparatus in reusable building blocks: patterns, services, components, capability models, etc.Demonstrated capability to understand the security implications of complex business operations and how they are linked to technological solutions that provide practical risk mitigation and business enablementAbility to derive security requirements from vaguely formulated business needsAbility to interact with a broad cross-section of personnel to explain and enforce security measuresExcellent written and verbal communication skillsDetail-oriented self- starter with a high level of commitment and personal motivationKnack for prioritizing tasks and working in a fast-paced environmentTechnical SkillsStrong knowledge of the processes, methodologies, tools and techniques, used for building large information technology systems in private and public cloudsKnowledge of standards, regulations and legislation governing Information Security, e.G. NIST, ISO 27001, OWASPKnowledge of general IT security architecture and technologies including: service-oriented- architectures, mobile technologies including Mobile Device Management (MDM), data-centric design, advanced analytics, AI, Identity and Access Management (IAM) lifecycles, Digital Forensics, End Point Encryption, Encryption Key Management, Database Security, Enterprise Directory Services, IDS, IPS, Next Generation Firewall, Application Firewall, Enterprise Password Vaults, Cloud SaaS /PaaS/IaaS Security, SIEM, etc., an assetUnderstanding of securing APIs, an assetKnowledge of container security, especially Kubernetes, an assetAdditional SkillsFluent in two or more of the following programming languages Python, Go, PowerShell, and BashStrong knowledge of CI/CD tools (Azure DevOps, Jenkins, GitHub Actions, etc.)Strong knowledge of Docker and creation/maintenance of dockerfilesStrong knowledge of Kubernetes and creation/maintenance of Kubernetes manifestsExperience with Helm and TerraformExperience with Secret Managers (i.E. HashCorp Vault, Azure Key Vault, Google Cloud Key Management, etc.)Experience in designing multistage pipeline flows including CI/CD/CTExperience in administering Linux and Windows systemsExperience with security tooling and Identity and Access Management (IAM) including RBACExperience programing using API (RESTful, gRPC, GraphQL, etc.)Familiar with backend server architectures using Service Oriented Architecture or Micro-services design methodologiesAbility to accurately estimate efforts of the tasks assignedAbility to work on multiple projects in parallel and meet deliverables datesVery good technical documentation skillsStrong communication, influencing and presentation skillsLeadership skills and ability to influence and guide others on integration and technical mattersProven experience delivering technology projects involving multiple partiesKnowledge of IT security principlesAbility to clarify requirements and ensure solution meets business needsStrong systems engineering knowledgeAbility to estimate efforts and costs required for deliveryStrong sense or prioritization for meeting deadlinesStrong knowledge how to monitor application and infrastructureKnowledge in logs management, application monitoring, infrastructure monitoringKnowledge of monitoring and logging for containers and orchestrators.Strong knowledge in cloud computing (Azure, Google)Knowledge of networking, security, and protocolsKnowledge of OAuth 2.0 OpenID Connect (OIDC) and SAML 2.0 a plus.IoT experience a plus CN As a leading North American transportation and logistics company, CN is a true backbone of the economy. With a team of approximately 25,000 railroaders, our focus is on moving both our company and the economy forward. We transport US$200 billion worth of goods annually for a wide range of business sectors from resource to manufactured products to consumer goods, across a 20,000-mile network spanning Canada and mid-America. CN is the only Canadian company listed in the Transportation and Transportation Infrastructure sector of the Dow Jones Sustainability World Index (DJSI). Launched in 1999, the DJSI World represents the gold standard for corporate sustainability. At CN, we work as ONE TEAM, focused on safety, sustainability and our customers, providing operational and supply chain excellence to deliver results.For internal candidates, note that the grade level of the position will depend on the employee’s experience. CN is an employment equity employer and we encourage all qualified candidates to apply. We thank all applicants for their interest, however, only candidates under consideration will be contacted. Please monitor your email on a regular basis, as communication is primarily made through email.