📋 External Recruiting Agencies

Astra North (Astra North Infoteck Inc.) is a specialized IT staffing and recruitment process outsourcing (RPO) provider that focuses on supplying talent and managed services to external clients.

This company was flagged and excluded from default search results. Proceed with caution.

Save Job
Posted 3w ago

DevSecOps Engineer – Software Supply Chain Security

@ State Street
Toronto, Ontario, Canada
HybridContract
Responsibilities:designing strategies, securing artifacts, integrating security
Requirements Summary:8+ years DevOps/DevSecOps experience securing CI/CD pipelines and software supply chains; hands-on with Artifactory/Nexus, Maven/PyPI, SLSA, Chainguard, cloud (AWS/Azure), and IaC (Terraform, Ansible, Kubernetes).
Technical Tools Mentioned:CI/CD, Maven, PyPI, Artifactory, Nexus, SLSA (Supply-chain Levels for Software Artifacts), Chainguard, AWS, Azure, Terraform, Ansible, Kubernetes
Save
Mark Applied
Hide Job
Report & Hide
Job Description
DevSecOps Engineer

Location: Toronto, ON
Hybrid (4 days/week onsite)


Experience Required: 8–10 years

Skill Category: Digital – SecDevOps

Role Overview
The State Street Cyber Security Architecture & Engineering team is seeking a highly skilled DevSecOps / Software Supply Chain Security Engineer to support the enterprise rollout of secure software delivery practices.
This role focuses on securing the software supply chain across CI/CD pipelines, artifact management, and dependency ecosystems.

Key Responsibilities
Design and implement software supply chain security strategies
Secure artifact sourcing from Maven, PyPI, and internal registries
Manage Artifactory and artifact governance
Ensure artifact provenance, immutability, and integrity
Integrate security into CI/CD pipelines
Support Chainguard implementation and trusted image pipelines
Drive DevSecOps adoption across engineering teams
Develop dashboards, metrics, and governance standards


Required Skills & Experience
8–12 years of experience in DevOps / DevSecOps (target: 8–10 years)
Hands-on experience with CI/CD pipelines
Strong understanding of software supply chain security
Experience with Artifactory or Nexus
Knowledge of SLSA (Supply-chain Levels for Software Artifacts) principles
Container security experience (Chainguard preferred)
Cloud experience (AWS and/or Azure)
Experience with Infrastructure as Code (Terraform, Ansible, Kubernetes)


Essential Skills
DevSecOps
Software Supply Chain Security
CI/CD Security Integration
Artifact Management & Governance