Senior Security Consultant - Devsecops


Calgary, AB, CA Ottawa, ON, CA Toronto, ON, CA Vancouver, BC, CA Montréal, QC, CA

Req ID:  40459
Jobs by Category:  Security & Automation
Job Function:  Cybersecurity
Status:  Full Time
Schedule:  Regular



We live in and work in a rapidly evolving digital world where cyber security is critical.  Protecting information and ensuring the reliability of network and services is paramount. The TELUS Health CSO team strives to always be steps ahead, tackling the toughest cyber security challenges head-on with top talent and cutting-edge technology.  


The TELUS Health CSO team is committed to providing excellence in securing our internal and customers’ data and systems, ensuring world-class reliability of security networks and systems, and improving our overall cyber security posture. We manage our cyber risks and provide industry leading cyber governance, assurance and oversight to secure our data. 

You’ll partner with industry leaders to meet the cyber security needs of both TELUS Health and our customers to meet the demands of an increasingly complex and ever-changing cyber security landscape. We are passionate about learning and growing as individuals and as a team, all of which enables us to thrive in a dynamic, fast-paced environment.


The role will support the manager of DevSecOps within TELUS Health Chief Security Office in leading the engineering of security at scale within the secure software development cycle, representing CSO.


This individual contributor role will help assess product’s security maturity through consultation, select and implement security controls within their pipelines (WAF, SAST, DAST, IAST, SCA), act as a SME for addressing security vulnerability validation and remediating those findings. This individual will act as a product security evangelist and contribute greatly to the development and implementation of the security champion program. The individual will also be involved in promoting security awareness, disaster recovery planning, testing and corporate security policy maintenance and enforcement as well as threat and risk assessments.

Working as a partner to the product teams and TELUS Health Cloud program, this role will drive the adoption of secure Cloud and application security within the pipelines and processes of the product.


  • Provide training and awareness sessions to application development teams, highlighting the benefits of web application layer protection services, and demonstrating exploitation of confirmed security vulnerabilities
  • Perform comprehensive Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Software Composition Analysis (SCA) to identify vulnerabilities
  • Review security scan results and work closely with the development team to prioritize security vulnerabilities using a risk-based approach
  • Identify vulnerabilities and weaknesses through web and mobile application security assessments, code reviews, threat modeling, vulnerability scanning, and manual application penetration testing
  • Provide actionable recommendations and guidance to improve the security posture of applications and their supporting technology infrastructure
  • Collaborate with stakeholders to develop and enhance security policies, procedures, and risk management strategies
  • Lead key security initiatives, manage projects, and work collaboratively with cross-functional teams
  • Work across product teams to integrate security into the SDLC / CICD pipeline through consideration of security at each step. Extension of security into the design, developer environment (IDE), software composition analysis, static assessment, and dynamic assessment as part of the local CICD pipeline
  • Drive consistency of control and solution across the tooling applied within each product team. Whilst a single solution will not always be desirable, seek out consolidation where possible and ensure all solutions have consistent levels of security
  • Identify, justify and promote the use of shared security services or patterns (e.g. Web Application Firewalls) that can deliver consistent security protection without impeding local product agility or effectiveness
  • Ensure product development teams have the right level of security expertise to operate their aspects of the security operating model
  • Work with the SecOps team to define response playbooks for application security incidents, and seek out automation for common events to ensure sustainable T1/T2 operation
  • Work with the SecOps team to define the runbooks for application security tooling operated by the CSO team, ensuring sustainable security operation across TH’s portfolio of applications



What you bring


  • University degree or equivalent industry experience
  • Strong communication, presentation, and relationship skills, especially the ability to articulate technical topics
  • Knowledge of security and industry standards (e.g., ISO, NIST, ITIL, etc)
  • Knowledge and practical experience any of the following OWASP top 10, OWASP Web application Security Testing Guide (WSTG), OWASP (Mobile) Application Security Verification Standard (MASVS/ASVS), BSIMM, and OpenSAMM
  • CISSP, CCSP, CRISC or similar Cloud certification are preferred.
  • Practical Cloud security experience with appropriate certification spanning GCP and either AWS or Azure
  • Experience working on enterprise Cloud services deployments (SaaS, PaaS, IaaS) and understand security challenges involved in Cloud migration, adoption and operation
  • Experience deploying and migrating to/from private Cloud environments
  • Experience with virtual machine management, container orchestration, API management and secure use of serverless technologies
  • Knowledge of application security, software development with security concepts and integration into the development pipelines.
  • Experience across SCA, SAST, DAST, and IAST
  • Experience working with proxy intercept tools such as Burp Suite Pro or OWASP ZAP
  • Integration experience across pipelines and orchestration tools such as Jenkins, source repositories (e.g. GitHub, bitBucket etc), Integrated Development Environments, and testing tools
  • Experienced with agile delivery teams and environment
  • Experienced working in a DevOps / SRE operation
  • Experience with application security capabilities including Web Application Firewalls, DDoS mitigation, Bot prevention, and associated threat management controls
  • Familiarity with pipelines, automation and scripting
  • Performed threat modeling and design reviews assessing security implications and requirements introducing new technologies (STRIDE)
  • Performed security design/architecture reviews, code reviews, and penetration tests of large applications, systems and/or networks


Nice to haves


  • Professional security certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), and others
  • Industry-recognized certifications would be an asset. (i.e., OSCP, OSWE, ECDE, Burpsuite Certified Practitioner, GWAPT, eWPT, GMOB, eMAPT etc.)
  • Experience within a regulated business environment
  • An insatiable appetite for modern and emerging technologies and tools




Salary Range:  $101,000-$151,000
Performance Bonus or Sales Incentive Plan:  15%

Actual total compensation will be determined based on factors such as knowledge, skills, performance and experience. 

A bit about us

We’re a people-focused, customer-first, purpose-driven team who works together every day to innovate and do good. We improve lives through our technology solutions and foster a culture of innovation that empowers team members to solve complex problems and create remarkable human outcomes in a digital world. 

You’ll find our engaging, high-performance culture personally fulfilling, professionally challenging, and financially rewarding. We’re committed to diversity and equitable access to employment opportunities based on ability. Your unique contributions and talents will be valued and respected here. When you join our team, you’re helping us make the future friendly.

Note for Quebec candidates: if knowledge of English is required for this position, it is because the team member will be asked, on a regular basis, to interact in English with external or internal parties or to use English applications or software as part of their tasks.





Security & Automation

We’re looking for talented sales professionals, solution designers, security technicians and customer support specialists with proven experience in commercial security and automation to join our team.

We are honoured to be recognized

Team TELUS at a glance

Days volunteered in our communities

Billion contributed to charitable and community organizations since 2000

Million customer connections


TELUS is proud to foster an inclusive culture that embraces diversity. We are committed to fair employment practices and all qualified applicants will receive consideration for employment.

We offer accommodation for applicants with disabilities, as required, during the recruitment process.