DevSecOps Lead

<div class="content-intro"><div> <h2 class="title"><span style="color: rgb(0, 0, 0);">Company Description</span></h2> </div> <div class="wysiwyg"> <p data-renderer-start-pos="1927">Workleap is a Montreal-based tech company on a mission to make work simpler.<br><br>Since 2006, we’ve been building game-changing products that tackle HR and IT’s biggest challenges.<br><br>Workleap operates two distinct product lines:</p> <ul> <li>The <a class="WbyHvGfDqgqsCjBqgKhmFsRRfaAckZcfqc " href="https://workleap.com/platform" target="_blank" data-test-app-aware-link="">Workleap Platform</a>, an AI-powered HR solution designed to drive team performance and boost employee engagement.</li> <li><a class="WbyHvGfDqgqsCjBqgKhmFsRRfaAckZcfqc " href="https://sharegate.com/" target="_blank" data-test-app-aware-link="">ShareGate</a>, the leading Microsoft 365 migration and governance solution, trusted by IT professionals worldwide for its unmatched simplicity.</li> </ul> <p data-renderer-start-pos="1927">Today, more than 20,000 companies rely on Workleap products to grow, lead, and operate with confidence.<br><br>We’re builders at heart, with a clear purpose: to craft the simplest products that deliver exceptional value for our customers. Period.<br><br></p> </div></div><h3>Job Description</h3> <p><em>So, what will your new role look like?</em></p> <p data-renderer-start-pos="1" data-local-id="3547725be8cb">As a DevSecOps Lead, you will be an operational individual contributor responsible for embedding security directly into our products, pipelines, and development workflows — with a focus on CI/CD, C#/.NET applications, Azure, and AI-driven software delivery. This is a deeply technical role where you will write code, build tooling, and work closely with developers to ensure security is a natural part of how we build and ship software.</p> <p data-renderer-start-pos="364" data-local-id="030b654110ac">You will join the AI-<span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">SDLC</span></span></span> team, which builds internal platforms and tooling that enable AI agents to operate across the development lifecycle. Your mission will be to ensure that security is integrated from the ground up across these tools, pipelines, and agentic workflows—enabling secure-by-default product development at scale.</p> <p data-renderer-start-pos="696" data-local-id="b0e32d70f01e">Responsibilities</p> <ul> <li data-renderer-start-pos="716" data-local-id="51b1a2b86193">Ensure security is embedded into CI/CD pipelines by delivering scalable, automated tooling and integrated security checks (<span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">SAST</span></span></span>, <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">DAST</span></span></span>, <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">SCA</span></span></span>, secret scanning);</li> <li data-renderer-start-pos="877" data-local-id="e9751692d398">Enable secure-by-default development by designing and implementing automated, policy-driven security review workflows;</li> <li data-renderer-start-pos="999" data-local-id="ef24664b807a">Establish robust security guardrails within AI-assisted development and agent workflows to reduce risk while maintaining developer velocity;</li> <li data-renderer-start-pos="1143" data-local-id="41e82bad99c6">Reduce risk exposure by proactively identifying, assessing, and driving remediation of application security vulnerabilities;</li> <li data-renderer-start-pos="1271" data-local-id="d029a02e9915">Strengthen application security posture by leading threat modeling and security assessments for new features and architectural changes;</li> <li data-renderer-start-pos="1410" data-local-id="79830769697f">Improve detection and response capabilities through the development of automation, tooling, and streamlined vulnerability management processes;</li> <li data-renderer-start-pos="1557" data-local-id="b06975815530">Elevate cloud and application security by partnering with Infrastructure SecOps to harden Azure environments and deployment practices;</li> <li data-renderer-start-pos="1695" data-local-id="de0a040eaa79">Enhance external security feedback loops by contributing to and scaling the bug bounty program and vulnerability intake processes.</li> </ul> <p><em data-renderer-mark="true">A typical week? </em> &nbsp;</p> <ul> <li data-renderer-start-pos="1848" data-local-id="d3b284b48b7c">Writing code for security tooling, CI/CD configurations, and automated review workflows;</li> <li data-renderer-start-pos="1940" data-local-id="783fab8cd1fc">Designing and refining policy-based security checks in pipelines;</li> <li data-renderer-start-pos="2009" data-local-id="907e556418dc">Building and improving guardrails for AI-assisted development and agent workflows;</li> <li data-renderer-start-pos="2095" data-local-id="3e4c78f0d55b">Participating in architecture and design discussions with engineering teams;</li> <li data-renderer-start-pos="2175" data-local-id="725aabe0d62e">Collaborating with Infrastructure SecOps on shared security initiatives;</li> <li data-renderer-start-pos="2251" data-local-id="c4bfe4a44506">Triaging and prioritizing security alerts and vulnerabilities;</li> <li data-renderer-start-pos="2317" data-local-id="bd3312bae645">Sharing knowledge through pairing, code reviews, and informal coaching.</li> </ul> <p data-renderer-start-pos="3333"><strong data-renderer-mark="true">What does your future team look like?  </strong>&nbsp;</p> <p data-renderer-start-pos="2431" data-local-id="a2be7f56297e">You will join the AI-<span data-highlighted="true" data-vc="highlighted-text">SDLC</span> team, responsible for building the internal platform that enables AI agents to operate across the Workleap and ShareGate development lifecycle. This includes developing agent pipelines, safety mechanisms, and developer-facing tooling.</p> <p data-renderer-start-pos="2693" data-local-id="6244fe41d4a9">You will work closely with Infrastructure SecOps and partner with multiple product teams across the organization. This is a highly collaborative environment where your impact comes from building scalable solutions and making secure development the default for everyone.</p> <p data-renderer-start-pos="3333"><em data-renderer-mark="true">What are the next challenges awaiting your team? </em> &nbsp;</p> <ul> <li data-renderer-start-pos="3016" data-local-id="60ce010aedc4">Scaling automated security practices across a growing portfolio of SaaS products;</li> <li data-renderer-start-pos="3101" data-local-id="8740629681b3">Deepening security integration within GitHub Actions and CI/CD pipelines;</li> <li data-renderer-start-pos="3178" data-local-id="9d149ea10164">Ensuring security guardrails evolve alongside AI-assisted and agentic development workflows;</li> <li data-renderer-start-pos="3274" data-local-id="5adbb316fe0f">Strengthening secure-by-default practices and developer security awareness across teams.</li> </ul> <h3>Qualifications</h3> <ul> <li data-renderer-start-pos="3384" data-local-id="eeb03d4f7f90">8+ years of experience in application security, DevSecOps, or security-focused software development;</li> <li data-renderer-start-pos="3488" data-local-id="7ea5aa1b12ce">Strong software engineering background combined with deep security expertise;</li> <li data-renderer-start-pos="3569" data-local-id="b5fc6f37e064">Deep understanding of web application security principles, OWASP Top 10, and <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">CWE</span></span></span> Top 25;</li> <li data-renderer-start-pos="3661" data-local-id="504d6700022e">Hands-on experience performing secure code reviews in C#;</li> <li data-renderer-start-pos="3722" data-local-id="e0a37c75eb44">Experience building and maintaining security automation in CI/CD pipelines (GitHub Actions preferred);</li> <li data-renderer-start-pos="3828" data-local-id="c8a0f68a3841">Solid understanding of Azure cloud services, infrastructure security, and deployment patterns;</li> <li data-renderer-start-pos="3926" data-local-id="7a9a3a1ef062">Experience integrating <span data-highlighted="true" data-vc="highlighted-text">SAST</span>, <span data-highlighted="true" data-vc="highlighted-text">DAST</span>, <span data-highlighted="true" data-vc="highlighted-text">SCA</span>, and secret scanning tools into development workflows;</li> <li data-renderer-start-pos="4023" data-local-id="2a942959275f">Proficiency in scripting (Python, Bash) for automation and tooling;</li> <li data-renderer-start-pos="4094" data-local-id="4cafeac3d18b">Extensive hands-on experience with AI-assisted and agentic development workflows, with deep expertise in their security implications; recognized for major contributions in this space and driven by strong curiosity to push the boundaries of AI in the <span data-highlighted="true" data-vc="highlighted-text">SDLC</span>;</li> <li data-renderer-start-pos="4353" data-local-id="0a3cb69053d8">Familiarity with authentication protocols such as <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">OIDC</span></span></span>, <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">SAML</span></span></span>, and OAuth;</li> <li data-renderer-start-pos="4429" data-local-id="a5e119c2a350">Ability to clearly communicate security risks and trade-offs to both technical and non-technical stakeholders.</li> </ul> <p>&nbsp;</p> <p><strong data-stringify-type="bold">Salary range: $150–180k CAD.</strong><br>This range reflects our Canada-wide compensation scale. Final offers may be adjusted based on the candidate’s region to align with local market conditions.</p> <p>Please note: this position is posted under the title DevSecOps Lead but carries the official title of Application Security Manager within the organization.</p><div class="content-conclusion"><div> <h2 class="title">Who we are</h2> <p>We’re a team of curious minds and bold builders, brought together by a shared drive to make work simpler - and better - for everyone. Challenges fuel our creativity, fast-paced environments keep us sharp, and pushing boundaries is just part of how we operate. We believe the best ideas come from experimentation, rapid learning, and even the occasional discomfort - that’s where growth happens.</p> <p>Since 2006, we’ve been rethinking the way teams work, blending creativity and tech to solve real problems in IT and HR. We move quickly, we learn constantly, and we always keep our customers at the center of what we do. If you're a proactive thinker who takes ownership, loves to collaborate, and isn’t afraid to leap into the unknown - you’ll fit right in.</p> <h2 class="title">Additional Information</h2> </div> <div class="wysiwyg"> <p>At&nbsp;Workleap, we build together, we trust&nbsp;each other,&nbsp;and we support each other in success or failure. You will be able to express yourself, evolve and develop your creativity in an environment&nbsp;that will adapt to your daily life and your needs.&nbsp;&nbsp;</p> <p>We strive to create a healthy and inclusive work environment. This is everyone’s business.&nbsp;</p> <p><strong>Our Candidate Experience Flow at&nbsp;Workleap:&nbsp;</strong><br>Phone Screen - Virtual Interview using Microsoft Teams - Work Sample - Job Offer</p> <p>As a tech-forward company, we leverage AI tools to enhance our recruitment process, while ensuring all hiring decisions remain human-led.</p> <p>We are looking forward to getting to know you!&nbsp;<br><br>By applying to this job, you are confirming that you have read and agree to the terms of our <a href="https://workleap.com/privacy-policy/" target="_blank">privacy policy</a>.</p> <p><br><br>#LI-Remote</p> </div></div>