About the role
Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.
This position within Air Canada’s DevOps team is responsible for shaping the next generation of secure DevOps capabilities and driving value through strategic investments in automation, CI/CD, and infrastructure as code, and integrated security
This role demands strong expertise in security and automation, along with analytical and strategic thinking to collaborate with Air Canada IT and business unit teams, ensuring solutions meet requirements, align with security standards, and support the technology roadmap.
As a leader, the DevOps Specialist will also mentor and coach team members, contributing to the development of a high-performing DevOps organization and the delivery of robust, scalable solutions.
The ideal candidate will bring extensive experience in designing, implementing, and managing DevSecOps solutions across cloud platforms, with deep knowledge of CI/CD pipelines, container security, vulnerability management, policy as code, and monitoring. This role requires excellent problem-solving skills and the ability to collaborate effectively with cross-functional teams.
Primary goal of the position is, with strong security and automation skills to lead initiatives around the creation and maintenance of hardened container images, secure package management, and ensuring that CI/CD pipelines adhere to industry best practices and internal security policies
Responsibilities:
- Champion and evolve the DevSecOps vision, embedding security as a core principle within CI/CD pipelines and cloud infrastructure
- Architect, implement, and maintain secure AWS environments, ensuring compliance with industry standards and best practices
- Build automation for security controls such as IAM policies, encryption, secrets rotation, and vulnerability patching
- Risk assessments, and security reviews across the SDLC
- Monitor for security incidents, manage incident response, and lead root cause analysis and remediation efforts
- Drive continuous improvement by identifying security gaps and innovating security solutions for cloud-native applications
- Build and maintain hardened base images (e.g., Docker, AMIs) aligned with security benchmarks such as CIS, NIST, and company-specific standards.
- Develop automated mechanisms to scan, update, and patch packages within those images regularly.
- Collaborate with security teams to implement policies into CI/CD pipelines, ensuring code, images, and dependencies are compliant before promotion
- Integrate security tools (e.g., SAST, DAST, SCA, container scanners) into building pipelines and monitor results.
- Establish processes to manage image provenance, SBOM (Software Bill of Materials), Bill of materials SLSA (Supply-chain Levels for Software Artifacts),and
artifact trust. - Automate vulnerability scanning and enforce secure deployment gates.
- Collaborate with developers to remediate findings and improve code security.
- Support threat modeling, risk assessments, and compliance automation.
- Monitor and improve pipeline security metrics.
- Document and communicate secure practices to developers and engineering teams, promoting a security-first culture.
Qualifications
Technical Skills:
- A relevant University degree/technical certification, and/or relevant experience commensurate to the role.
- 5+ years experience with IT technology
- Proven experience with cloud platforms such as AWS, Azure, or Google Cloud.
- Strong knowledge of cloud architecture, networking, and security principles.
- Solid understanding of AWS services: This includes knowledge of core services like S3, EC2, IAM, and services related to governance like CloudTrail, Config,
and IAM Identity Center. - Security expertise: Familiarity with security best practices for the cloud, including encryption, access controls, and incident response procedures.
- Experience with compliance frameworks: Understanding of relevant compliance frameworks like HIPAA, PCI DSS, GDPR, PIPEDA and SOC 2.
- Proven experience in DevSecOps, Cloud Security, or Infrastructure Security.
- Proficiency in scripting and automation (e.g., Bash, Python, Go).
- Hands-on experience with CI/CD platforms (e.g., GitHub Actions, Bitbucket pipeline).
- Deep knowledge of containerization (Docker, Podman) and image scanning tools.
- Familiarity with IaC tools (e.g., Terraform, Ansible) and cloud platforms (AWS, Azure).
- Strong knowledge of secure software development lifecycle (SSDLC).
- Experience with package managers and secure dependency management (e.g., pip, npm, apt, yum).
- Knowledge of compliance frameworks and how to operationalize them in cloud environments.
- Strong communication skills and ability to influence cross-functional teams.
- Hands-on experience with tools like OWASP ZAP, Snyk, SonarQube, Checkmarx, or Fortify.
- Demonstrate punctuality and dependability to support overall team success in a fast-paced environment.
Business Skills:
- Understanding of cloud governance principles: Knowledge of the shared responsibility model, cost optimization strategies, and resource tagging for
accountability. - Communication and collaboration: Ability to communicate effectively with technical and non-technical audiences, collaborate with stakeholders to define
governance requirements, and document processes. - Problem-solving and analytical skills: Ability to identify and address potential security risks, troubleshoot governance issues, and analyze logs for anomalies.
- Project management: Experience in planning, implementing, and monitoring governance initiatives.
Additional Considerations:
- CNCF CKS, AWS Security Specialty, or CompTIA Security+.
- Experience with policy-as-code tools like OPA (Open Policy Agent), Conftest, or Checkov
- Familiarity with container orchestration (Kubernetes) and securing workloads in production.
- Experience with security operations in agile product development environments.
- Exposure to zero-trust security models and cloud-native security architectures.
Conditions of Employment:
- Candidates must be eligible to work in the country of interest, at the time any offer of employment is made and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position.
Linguistic Requirements
Based on equal qualifications, preference will be given to bilingual candidates.
Diversity and Inclusion
Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.
As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.
Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.
About Air Canada
Canada's largest airline, the country’s flag carrier and a founding member of Star Alliance, the world's most comprehensive air transportation network celebrating its 25thanniversary in 2022, Air Canada provides scheduled passenger service directly to 51 airports in Canada, 51 in the United States and 86 internationally. It is the only international network carrier in North America to receive a Four-Star ranking from Skytrax, which in 2021 gave Air Canada awards for the Best Airline Staff in North America, Best Airline Staff in Canada, Best Business Class Lounge in North America, and an excellence award for its management of the COVID-19 pandemic.
**
Air Canada est la plus importante société aérienne du Canada, le transporteur national du pays et un membre cofondateur du réseau Star Alliance — le plus vaste regroupement mondial de sociétés aériennes, qui célèbre son 25e anniversaire en 2022. Les lignes passagers régulières d’Air Canada relient sans escale 51 aéroports au Canada, 51 aux États-Unis et 86 sur le reste du globe. En Amérique du Nord, Air Canada constitue le seul transporteur aérien d’envergure internationale offrant une gamme complète de services à détenir la cote quatre étoiles de Skytrax qui, en 2021, lui a décerné les prix Meilleur personnel au sol et à bord en Amérique du Nord, Meilleur personnel au sol et à bord au Canada, Meilleur salon de classe affaires en Amérique du Nord ainsi qu’un Prix d’excellence pour sa gestion de la pandémie de la COVID-19.
About the role
Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.
This position within Air Canada’s DevOps team is responsible for shaping the next generation of secure DevOps capabilities and driving value through strategic investments in automation, CI/CD, and infrastructure as code, and integrated security
This role demands strong expertise in security and automation, along with analytical and strategic thinking to collaborate with Air Canada IT and business unit teams, ensuring solutions meet requirements, align with security standards, and support the technology roadmap.
As a leader, the DevOps Specialist will also mentor and coach team members, contributing to the development of a high-performing DevOps organization and the delivery of robust, scalable solutions.
The ideal candidate will bring extensive experience in designing, implementing, and managing DevSecOps solutions across cloud platforms, with deep knowledge of CI/CD pipelines, container security, vulnerability management, policy as code, and monitoring. This role requires excellent problem-solving skills and the ability to collaborate effectively with cross-functional teams.
Primary goal of the position is, with strong security and automation skills to lead initiatives around the creation and maintenance of hardened container images, secure package management, and ensuring that CI/CD pipelines adhere to industry best practices and internal security policies
Responsibilities:
- Champion and evolve the DevSecOps vision, embedding security as a core principle within CI/CD pipelines and cloud infrastructure
- Architect, implement, and maintain secure AWS environments, ensuring compliance with industry standards and best practices
- Build automation for security controls such as IAM policies, encryption, secrets rotation, and vulnerability patching
- Risk assessments, and security reviews across the SDLC
- Monitor for security incidents, manage incident response, and lead root cause analysis and remediation efforts
- Drive continuous improvement by identifying security gaps and innovating security solutions for cloud-native applications
- Build and maintain hardened base images (e.g., Docker, AMIs) aligned with security benchmarks such as CIS, NIST, and company-specific standards.
- Develop automated mechanisms to scan, update, and patch packages within those images regularly.
- Collaborate with security teams to implement policies into CI/CD pipelines, ensuring code, images, and dependencies are compliant before promotion
- Integrate security tools (e.g., SAST, DAST, SCA, container scanners) into building pipelines and monitor results.
- Establish processes to manage image provenance, SBOM (Software Bill of Materials), Bill of materials SLSA (Supply-chain Levels for Software Artifacts),and
artifact trust. - Automate vulnerability scanning and enforce secure deployment gates.
- Collaborate with developers to remediate findings and improve code security.
- Support threat modeling, risk assessments, and compliance automation.
- Monitor and improve pipeline security metrics.
- Document and communicate secure practices to developers and engineering teams, promoting a security-first culture.
Qualifications
Technical Skills:
- A relevant University degree/technical certification, and/or relevant experience commensurate to the role.
- 5+ years experience with IT technology
- Proven experience with cloud platforms such as AWS, Azure, or Google Cloud.
- Strong knowledge of cloud architecture, networking, and security principles.
- Solid understanding of AWS services: This includes knowledge of core services like S3, EC2, IAM, and services related to governance like CloudTrail, Config,
and IAM Identity Center. - Security expertise: Familiarity with security best practices for the cloud, including encryption, access controls, and incident response procedures.
- Experience with compliance frameworks: Understanding of relevant compliance frameworks like HIPAA, PCI DSS, GDPR, PIPEDA and SOC 2.
- Proven experience in DevSecOps, Cloud Security, or Infrastructure Security.
- Proficiency in scripting and automation (e.g., Bash, Python, Go).
- Hands-on experience with CI/CD platforms (e.g., GitHub Actions, Bitbucket pipeline).
- Deep knowledge of containerization (Docker, Podman) and image scanning tools.
- Familiarity with IaC tools (e.g., Terraform, Ansible) and cloud platforms (AWS, Azure).
- Strong knowledge of secure software development lifecycle (SSDLC).
- Experience with package managers and secure dependency management (e.g., pip, npm, apt, yum).
- Knowledge of compliance frameworks and how to operationalize them in cloud environments.
- Strong communication skills and ability to influence cross-functional teams.
- Hands-on experience with tools like OWASP ZAP, Snyk, SonarQube, Checkmarx, or Fortify.
- Demonstrate punctuality and dependability to support overall team success in a fast-paced environment.
Business Skills:
- Understanding of cloud governance principles: Knowledge of the shared responsibility model, cost optimization strategies, and resource tagging for
accountability. - Communication and collaboration: Ability to communicate effectively with technical and non-technical audiences, collaborate with stakeholders to define
governance requirements, and document processes. - Problem-solving and analytical skills: Ability to identify and address potential security risks, troubleshoot governance issues, and analyze logs for anomalies.
- Project management: Experience in planning, implementing, and monitoring governance initiatives.
Additional Considerations:
- CNCF CKS, AWS Security Specialty, or CompTIA Security+.
- Experience with policy-as-code tools like OPA (Open Policy Agent), Conftest, or Checkov
- Familiarity with container orchestration (Kubernetes) and securing workloads in production.
- Experience with security operations in agile product development environments.
- Exposure to zero-trust security models and cloud-native security architectures.
Conditions of Employment:
- Candidates must be eligible to work in the country of interest, at the time any offer of employment is made and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position.
Linguistic Requirements
Based on equal qualifications, preference will be given to bilingual candidates.
Diversity and Inclusion
Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.
As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.
Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.
About Air Canada
Canada's largest airline, the country’s flag carrier and a founding member of Star Alliance, the world's most comprehensive air transportation network celebrating its 25thanniversary in 2022, Air Canada provides scheduled passenger service directly to 51 airports in Canada, 51 in the United States and 86 internationally. It is the only international network carrier in North America to receive a Four-Star ranking from Skytrax, which in 2021 gave Air Canada awards for the Best Airline Staff in North America, Best Airline Staff in Canada, Best Business Class Lounge in North America, and an excellence award for its management of the COVID-19 pandemic.
**
Air Canada est la plus importante société aérienne du Canada, le transporteur national du pays et un membre cofondateur du réseau Star Alliance — le plus vaste regroupement mondial de sociétés aériennes, qui célèbre son 25e anniversaire en 2022. Les lignes passagers régulières d’Air Canada relient sans escale 51 aéroports au Canada, 51 aux États-Unis et 86 sur le reste du globe. En Amérique du Nord, Air Canada constitue le seul transporteur aérien d’envergure internationale offrant une gamme complète de services à détenir la cote quatre étoiles de Skytrax qui, en 2021, lui a décerné les prix Meilleur personnel au sol et à bord en Amérique du Nord, Meilleur personnel au sol et à bord au Canada, Meilleur salon de classe affaires en Amérique du Nord ainsi qu’un Prix d’excellence pour sa gestion de la pandémie de la COVID-19.