Specialist, DevOps na Air Canada

Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.

This position within Air Canada’s DevOps team is responsible for shaping the next generation of secure DevOps capabilities and driving value through strategic investments in automation, CI/CD, and infrastructure as code, and integrated security

This role demands strong expertise in security and automation, along with analytical and strategic thinking to collaborate with Air Canada IT and business unit teams, ensuring solutions meet requirements, align with security standards, and support the technology roadmap.

As a leader, the DevOps Specialist will also mentor and coach team members, contributing to the development of a high-performing DevOps organization and the delivery of robust, scalable solutions.

The ideal candidate will bring extensive experience in designing, implementing, and managing DevSecOps solutions across cloud platforms, with deep knowledge of CI/CD pipelines, container security, vulnerability management, policy as code, and monitoring. This role requires excellent problem-solving skills and the ability to collaborate effectively with cross-functional teams.

Primary goal of the position is, with strong security and automation skills to lead initiatives around the creation and maintenance of hardened container images, secure package management, and ensuring that CI/CD pipelines adhere to industry best practices and internal security policies

Responsibilities:

• Champion and evolve the DevSecOps vision, embedding security as a core principle within CI/CD pipelines and cloud infrastructure
• Architect, implement, and maintain secure AWS environments, ensuring compliance with industry standards and best practices
• Build automation for security controls such as IAM policies, encryption, secrets rotation, and vulnerability patching
• Risk assessments, and security reviews across the SDLC
• Monitor for security incidents, manage incident response, and lead root cause analysis and remediation efforts
• Drive continuous improvement by identifying security gaps and innovating security solutions for cloud-native applications
• Build and maintain hardened base images (e.g., Docker, AMIs) aligned with security benchmarks such as CIS, NIST, and company-specific standards.
• Develop automated mechanisms to scan, update, and patch packages within those images regularly.
• Collaborate with security teams to implement policies into CI/CD pipelines, ensuring code, images, and dependencies are compliant before promotion
• Integrate security tools (e.g., SAST, DAST, SCA, container scanners) into building pipelines and monitor results.
• Establish processes to manage image provenance, SBOM (Software Bill of Materials), Bill of materials SLSA (Supply-chain Levels for Software Artifacts),and 
  artifact trust.
• Automate vulnerability scanning and enforce secure deployment gates.
• Collaborate with developers to remediate findings and improve code security.
• Support threat modeling, risk assessments, and compliance automation.
• Monitor and improve pipeline security metrics.
• Document and communicate secure practices to developers and engineering teams, promoting a security-first culture.

Technical Skills:

• A relevant University degree/technical certification, and/or relevant experience commensurate to the role.
• 5+ years experience with IT technology
• Proven experience with cloud platforms such as AWS, Azure, or Google Cloud.
• Strong knowledge of cloud architecture, networking, and security principles.
• Solid understanding of AWS services: This includes knowledge of core services like S3, EC2, IAM, and services related to governance like CloudTrail, Config, 
  and IAM Identity Center.
• Security expertise: Familiarity with security best practices for the cloud, including encryption, access controls, and incident response procedures.
• Experience with compliance frameworks: Understanding of relevant compliance frameworks like HIPAA, PCI DSS, GDPR, PIPEDA and SOC 2.
• Proven experience in DevSecOps, Cloud Security, or Infrastructure Security.
• Proficiency in scripting and automation (e.g., Bash, Python, Go).
• Hands-on experience with CI/CD platforms (e.g., GitHub Actions, Bitbucket pipeline).
• Deep knowledge of containerization (Docker, Podman) and image scanning tools.
• Familiarity with IaC tools (e.g., Terraform, Ansible) and cloud platforms (AWS, Azure).
• Strong knowledge of secure software development lifecycle (SSDLC).
• Experience with package managers and secure dependency management (e.g., pip, npm, apt, yum). 
  • Knowledge of compliance frameworks and how to operationalize them in cloud environments.
  • Strong communication skills and ability to influence cross-functional teams.
• Hands-on experience with tools like OWASP ZAP, Snyk, SonarQube, Checkmarx, or Fortify.
• Demonstrate punctuality and dependability to support overall team success in a fast-paced environment.

Business Skills:

• Understanding of cloud governance principles: Knowledge of the shared responsibility model, cost optimization strategies, and resource tagging for 
  accountability.
• Communication and collaboration: Ability to communicate effectively with technical and non-technical audiences, collaborate with stakeholders to define 
  governance requirements, and document processes.
• Problem-solving and analytical skills: Ability to identify and address potential security risks, troubleshoot governance issues, and analyze logs for anomalies.
• Project management: Experience in planning, implementing, and monitoring governance initiatives.

Additional Considerations:

• CNCF CKS, AWS Security Specialty, or CompTIA Security+.
• Experience with policy-as-code tools like OPA (Open Policy Agent), Conftest, or Checkov
• Familiarity with container orchestration (Kubernetes) and securing workloads in production.
• Experience with security operations in agile product development environments.
• Exposure to zero-trust security models and cloud-native security architectures.

Conditions of Employment:

• Candidates must be eligible to work in the country of interest, at the time any offer of employment is made and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position.

Linguistic Requirements

Based on equal qualifications, preference will be given to bilingual candidates.

Diversity and Inclusion

Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.

As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.

Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.