Ottawa (Downtown), ON, CA
Senior Cyber Specialist
Take a central role
The Bank of Canada has a vision to be a leading central bank—dynamic, engaged and trusted—committed to a better Canada. No other employer in the country offers you the unique opportunity to work at the very center of Canada’s economy, in an organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in our environment.
Building on the principles that have always guided us – excellence, integrity and respect – we strive to be forward-looking and innovative, to welcome people with diverse perspectives and talents, and to earn trust by living up to our commitments and by clearly explaining the intent of our policies and actions.
With our defined-benefit pension plan, benefits, and high flexibility for work life balance - find out more about why we are annually ranked as one of Canada's top employers: Working Here - Bank of Canada
Find out more about the next steps in our Recruitment process.
In addition to the position being staffed, this competition may be used to fill similar opportunities (Regular or Term) that become available at the same job grade. If you’re interested in this type of role, we encourage you to apply.
About the position
We are seeking a hands-on Senior Cyber Specialist (DevSecOps) to join the Cyber Division. This role is focused on strengthening the organization’s application security posture by embedding security practices into the software development lifecycle and enabling development teams to deliver secure applications at scale.
Working within Cyber and in close partnership with development and DevOps teams, you will play a key role in operationalizing application security tooling and ensuring vulnerabilities identified through these tools are effectively triaged, prioritized, and remediated. You will help development teams distinguish real risk from false positives, manage security backlogs, and drive timely remediation of high-impact issues.
What you will do
As a Senior Cyber Specialist, you will work directly with development and DevOps teams to integrate security into the software development lifecycle and reduce exploitable risk in production systems.
In addition:
Application Security Enablement
- Embed secure SDLC practices across development teams, including defining guardrails and minimum control expectations
- Enable and support security testing capabilities (e.g., SAST, SCA, DAST, secrets, container, IaC scanning)
- Ensure security requirements are integrated into build, test, and release processes
Developer Support and Remediation
- Partner with developers to triage findings and distinguish true risk from false positives
- Provide actionable remediation guidance, secure coding patterns, and examples
- Support developer awareness, training, and adoption of secure coding practices
Vulnerability and Finding Management
- Prioritize findings based on risk, exploitability, and business impact
- Support definition and enforcement of remediation SLAs and backlog management practices
- Track and report on trends, recurring issues, and aging vulnerabilities
DevSecOps Tooling and Automation
- Integrate security tools into CI/CD pipelines and developer workflows
- Configure and tune scanning tools to improve signal quality and reduce noise
- Ensure findings are effectively ingested into developer tools (e.g., Jira, Azure DevOps)
Platform and Supply Chain Security
- Support security practices for containers, CI/CD pipelines, and cloud-native environments
- Enable secure use of third-party and open-source components (dependency and license risk)
- Contribute to secure handling of secrets and configuration in pipelines and code
Continuous Improvement and Standards
- Identify opportunities to improve AppSec processes, tooling, and developer experience
- Contribute to standards, guidance, and reusable security patterns
- Support measurement and continuous improvement of application security maturity
What you need to succeed
You are a hands-on security specialist with a strong developer-first mindset. You are comfortable working directly with engineering teams and translating security requirements into practical, actionable solutions.
In addition, you have experience with:
- Application security and secure software development practices
- Security testing tools (e.g., SAST, SCA, DAST, secrets scanning, container/IaC scanning)
- DevSecOps and CI/CD pipeline integration (e.g., GitHub, Azure DevOps)
- Vulnerability management, triage, and remediation workflows
- Secure coding practices and common vulnerability patterns (e.g., OWASP Top 10)
- Working with developers to diagnose and resolve security issues
- Automation and tool configuration/tuning to improve efficiency and effectiveness
- Containers, cloud-native environments, and third-party dependency risk
Nice-to-have
- Experience implementing security controls in enterprise CI/CD environments
- Experience establishing remediation SLAs and backlog management practices
- Experience contributing to AppSec standards, playbooks, or developer guidance
- Familiarity with security considerations in modern development environments
Your education and experience
Your combined education and work experience demonstrate that you have the competencies required for the position. We are ideally seeking candidates with a bachelor’s degree or college diploma in computer science, information security, or a related field, along with 5+ years of relevant experience in application security, DevSecOps, or secure software development.
Innovative Mindset
We value candidates who demonstrate adaptability, curiosity, and a willingness to learn new technologies, including AI and digital tools. We seek individuals who can think critically about data, question existing processes, and find ways to simplify our work while embracing change and new ways of doing things.
Language requirement
The Bank’s work environment is conducive to the use of both of Canada’s official languages - English and French. Although the position language requirement is English or French essential, we do encourage everyone to improve their second language proficiency for future career growth and to contribute towards fostering a bilingual environment.
What you need to know
-
- Priority will be given to Canadian citizens and permanent residents
- Security level required: Be eligible to obtain Secret
- There will be no relocation assistance provided
- Please save a copy of the job poster. Once the closing date has passed, it will no longer be available.
Hybrid Work Model
The Bank offers work arrangements that provide employees with flexibility, enable high-performing teams, and support an excellent workplace culture. Most employees can telework from home for a portion of each month as part of the Bank’s hybrid work model, and they are expected on site at the Bank location a minimum of 12 days per month to help build connections between colleagues. You must live in Canada, and within reasonable commuting distance of the office.
What you can expect from us
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career. For more information on key benefits please visit A great deal to consider.
-
- Salaries are based on qualifications and experience and typically range from $111,051 to $130,649 (job grade 17)
- The Bank offers an incentive for successfully meeting expectations at 7 to 10% of your base salary. The Bank offers additional performance pay (5%) for those who exceed expectations. Exceptional performers who far exceed expectations may be eligible for higher performance pay.
- Flexible and comprehensive benefits so you can choose the level of health and dental coverage that meets your needs
- Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement
- Option to join the indexed, defined-benefit pension plan after 24 consecutive months of service
We wish to thank all applicants for their interest and effort in applying for this position. Only candidates selected for interviews will be contacted.