Requisition Number:  11660
Position Type:  Term
Position Length:  Until 31 December 2027
Location: 

Ottawa (Downtown), ON, CA

Remote Work:  Hybrid Model
Closing Date:  July 19, 2026 23:59 EST

Equity, Diversity & Inclusion
The Bank is committed to achieving a workforce that reflects the diversity of our country and is representative and inclusive of all Canadians regardless of race, ethnicity, colour, religion, sex, age, disability, sexual orientation, gender identity or expression, socio-economic background or lived experience. By living our values and prioritizing our actions to enhance equity, diversity and inclusion, the Bank ensures broader discussions, better decisions, and a more engaging workplace. 

We make career growth and professional development a priority. We are committed to developing inclusive, barrier-free recruitment and selection processes, and a work environment that supports our diverse workforce.

Let our team know if you need accommodation or support during the recruitment process due to a disability or other reason. We can provide support in multiple ways, from using this site and submitting your application, right through to the interview process. If you are the successful candidate, you can also discuss accommodation needs when you receive your offer.

Contact accessiblecareers@bankofcanada.ca to discuss how.

We invite you to join an organization where differences are seen as strengths and are recognized, valued and respected. We welcome all candidates to apply and strongly encourage candidates to self-identify if they identify with an Employment Equity designated group (Indigenous Peoples, Persons with Disabilities, Women or Racialized/Visible Minorities). 

Senior Cyber Specialist


Take a central role

The Bank of Canada has a vision to be a leading central bank—dynamic, engaged and trusted—committed to a better Canada. No other employer in the country offers you the unique opportunity to work at the very center of Canada’s economy, in an organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in our environment. 


Building on the principles that have always guided us – excellence, integrity and respect – we strive to be forward-looking and innovative, to welcome people with diverse perspectives and talents, and to earn trust by living up to our commitments and by clearly explaining the intent of our policies and actions.  


With our defined-benefit pension plan, benefits, and high flexibility for work life balance - find out more about why we are annually ranked as one of Canada's top employers:  Working Here - Bank of Canada

 

Find out more about the next steps in our Recruitment process

 

In addition to the position being staffed, this competition may be used to fill similar opportunities (Regular or Term) that become available at the same job grade. If you’re interested in this type of role, we encourage you to apply.

 

About the position

We are seeking a hands-on Senior Cyber Specialist (DevSecOps) to join the Cyber Division. This role is focused on strengthening the organization’s application security posture by embedding security practices into the software development lifecycle and enabling development teams to deliver secure applications at scale.

 

Working within Cyber and in close partnership with development and DevOps teams, you will play a key role in operationalizing application security tooling and ensuring vulnerabilities identified through these tools are effectively triaged, prioritized, and remediated. You will help development teams distinguish real risk from false positives, manage security backlogs, and drive timely remediation of high-impact issues.

 

What you will do

As a Senior Cyber Specialist, you will work directly with development and DevOps teams to integrate security into the software development lifecycle and reduce exploitable risk in production systems.

 

In addition:

 

Application Security Enablement

  • Embed secure SDLC practices across development teams, including defining guardrails and minimum control expectations
  • Enable and support security testing capabilities (e.g., SAST, SCA, DAST, secrets, container, IaC scanning)
  • Ensure security requirements are integrated into build, test, and release processes

 

Developer Support and Remediation

  • Partner with developers to triage findings and distinguish true risk from false positives
  • Provide actionable remediation guidance, secure coding patterns, and examples
  • Support developer awareness, training, and adoption of secure coding practices

 

Vulnerability and Finding Management

  • Prioritize findings based on risk, exploitability, and business impact
  • Support definition and enforcement of remediation SLAs and backlog management practices
  • Track and report on trends, recurring issues, and aging vulnerabilities

 

DevSecOps Tooling and Automation

  • Integrate security tools into CI/CD pipelines and developer workflows
  • Configure and tune scanning tools to improve signal quality and reduce noise
  • Ensure findings are effectively ingested into developer tools (e.g., Jira, Azure DevOps)

 

Platform and Supply Chain Security

  • Support security practices for containers, CI/CD pipelines, and cloud-native environments
  • Enable secure use of third-party and open-source components (dependency and license risk)
  • Contribute to secure handling of secrets and configuration in pipelines and code

 

Continuous Improvement and Standards

  • Identify opportunities to improve AppSec processes, tooling, and developer experience
  • Contribute to standards, guidance, and reusable security patterns
  • Support measurement and continuous improvement of application security maturity

 

 

What you need to succeed

You are a hands-on security specialist with a strong developer-first mindset. You are comfortable working directly with engineering teams and translating security requirements into practical, actionable solutions.

 

In addition, you have experience with:

  • Application security and secure software development practices
  • Security testing tools (e.g., SAST, SCA, DAST, secrets scanning, container/IaC scanning)
  • DevSecOps and CI/CD pipeline integration (e.g., GitHub, Azure DevOps)
  • Vulnerability management, triage, and remediation workflows
  • Secure coding practices and common vulnerability patterns (e.g., OWASP Top 10)
  • Working with developers to diagnose and resolve security issues
  • Automation and tool configuration/tuning to improve efficiency and effectiveness
  • Containers, cloud-native environments, and third-party dependency risk

 

Nice-to-have

  • Experience implementing security controls in enterprise CI/CD environments
  • Experience establishing remediation SLAs and backlog management practices
  • Experience contributing to AppSec standards, playbooks, or developer guidance
  • Familiarity with security considerations in modern development environments

 

Your education and experience 

Your combined education and work experience demonstrate that you have the competencies required for the position. We are ideally seeking candidates with a bachelor’s degree or college diploma in computer science, information security, or a related field, along with 5+ years of relevant experience in application security, DevSecOps, or secure software development.

 

Innovative Mindset

We value candidates who demonstrate adaptability, curiosity, and a willingness to learn new technologies, including AI and digital tools. We seek individuals who can think critically about data, question existing processes, and find ways to simplify our work while embracing change and new ways of doing things. 

 

Language requirement
The Bank’s work environment is conducive to the use of both of Canada’s official languages - English and French. Although the position language requirement is English or French essential, we do encourage everyone to improve their second language proficiency for future career growth and to contribute towards fostering a bilingual environment.

 

What you need to know

    • Priority will be given to Canadian citizens and permanent residents
    • Security level required: Be eligible to obtain Secret 
    • There will be no relocation assistance provided
    • Please save a copy of the job poster. Once the closing date has passed, it will no longer be available. 

 

Hybrid Work Model

The Bank offers work arrangements that provide employees with flexibility, enable high-performing teams, and support an excellent workplace culture. Most employees can telework from home for a portion of each month as part of the Bank’s hybrid work model, and they are expected on site at the Bank location a minimum of 12 days per month to help build connections between colleagues. You must live in Canada, and within reasonable commuting distance of the office.  

 

What you can expect from us
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career. For more information on key benefits please visit A great deal to consider

 

    • Salaries are based on qualifications and experience and typically range from $111,051 to $130,649 (job grade 17)
    • The Bank offers an incentive for successfully meeting expectations at  7 to 10% of your base salary. The Bank offers additional performance pay (5%) for those who exceed expectations. Exceptional performers who far exceed expectations may be eligible for higher performance pay.
    • Flexible and comprehensive benefits so you can choose the level of health and dental coverage that meets your needs
    • Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement
    • Option to join the indexed, defined-benefit pension plan after 24 consecutive months of service

 

We wish to thank all applicants for their interest and effort in applying for this position. Only candidates selected for interviews will be contacted.