DevSecOps Practices Specialist

Teck is a leading Canadian resource company focused on responsibly providing the metals essential for global development and the energy transition while caring for the people, communities and land that we love.
Teck's two regional business units, North America and Latin America, oversee Teck's assets through all phases of safe, sustainable development, operation and closure. The business units are supported by enterprise-wide functions that set strategic direction, establish standards and provide governance, as well as supporting the business through shared services, centers of excellence and business partnering.
Reporting to the Manager, Business Applications, the Senior DevSecOps Specialist is responsible for crafting, integrating and maintaining DevSecOps practices in the Enterprise Applications teams. This outstanding role requires a solid background in application security, development and operations! The successful individual will curate, implement, and maintain automated CI/CD pipelines while ensuring secure and efficient application deployments across cloud and on-premise environments. This role also involves applying infrastructure as code practices using Terraform and embedding security into all stages of the development lifecycle. In doing so, the role will collaborate across the Enterprise Applications, Infrastructure & Operations, and Cyber Security groups to improve the reliability, scalability, and security of our systems.

Responsibilities

• Be a courageous safety leader, adhere to and sponsor safety and environmental rules and procedures
• Design, develop, and maintain DevSecOps practices and artifacts, including CI/CD pipelines
• Automate the build, test, and deployment of applications to both Azure and on-premise Windows environments
• Apply Terraform to implement infrastructure as code for provisioning Azure resources and application configuration management
• Embed security best practices into CI/CD pipelines under supervision, including automated security validation, testing, vulnerability assessments, and compliance checks in alignment with technology standards
• Collaborate with development teams to ensure applications are deployed securely and efficiently, with accurate monitoring and logging mechanisms
• Build and enforce security measures in line with standard. This includes secure coding practices, software component analysis, static and dynamic testing, access control policies, and identity management in Azure and on-premises environments
• Implement monitoring, logging, and alerting solutions to ensure application health and performance with a proactive approach to resolving issues
• Collaborate with Digital Risk and Cyber Security to integrate applicable security key performance and risk indicators into the overall measurement of digital risk and cyber security at the organization
• Act as a bridge between development, security, and support teams to foster a culture of collaboration, continuous learning, and security awareness
• Provide expertise to troubleshoot and resolve applications production issues

Qualifications

• 5+ years in a DevOps or DevSecOps role, with hands-on experience in CI/CD pipelines, automation, and application deployment with a focus on secure development practices
• Solid understanding of applications development, operations and security practices, including troubleshooting
• Strong proficiency with CI/CD tools such as Azure DevOps or GitHub Actions
• Experience deploying and managing applications on Azure and on-premise IIS servers
• Proficiency in scripting and programming languages (C#, Node.js)
• Clear understanding of web application security risks (e.g. OWASP Top 10)
• Secure develop certification from a recognized provider (e.g. ISC2, SANS) is recommended

The actual base salary offered is determined based on the successful candidate’s relevant experience, skills, and competencies and considers internal equity.