5d ago

No other bank is doing what we do.

At BDC, we help Canada and its entrepreneurs create a prosperous, inclusive and green economy. Our mission is to help Canadian businesses thrive by providing financing, capital and advisory services.

We’re devoted to Canadian entrepreneurs. We’re also dedicated to our employees. Adaptable. Inspiring. Different. There’s a reason we like to work here, and we think you’ll like it too.

Join BDC and help make a difference!

Diversity. Equity. Inclusion. They’re more than just words for BDC. These concepts are foundational to our success and to our ability to attract, retain, mobilize and develop the right talent, as well as to offer a healthy, professional and collaborative environment.

We are committed to cultivating and preserving an environment where all employees can thrive, and, for over a decade, we have been recognized as one of Canada's Top 100 Employers and one of Canada's Best Diversity Employers.

In recruiting for our team, we welcome the unique contributions that you can bring in terms of your education, opinions, culture, ethnicity, race, sex, gender identity and expression, nation of origin, age, languages spoken, veteran’s status, color, religion, disability, sexual orientation, beliefs, experiences, and more.


The Specialist, IT Security - Operations is responsible for the day-to-day security activities to ensure BDC’s technological environment is well protected.

The incumbent gathers and analyzes information on BDC’s technology, making recommendations and resolving security issues as required.


Develop, deploy, and maintain tools and processes related to periodic security monitoring and to tasks involving security operations with concentration in, but not limited to : Linux , Container infrastructure (Kubernetes, Docker, K8, Tanzu BOSH,) as well as Azure Platform.

Stay abreast of Linux and Container Infrastructure capabilities and security as they evolve. Build well-designed, testable, efficient monitoring use cases using tools such as SYSLOG telemetry, Aquasec, Sysdig, Stackrox or Prisma Cloud.

Analyze incoming security events based on raw telemetry, network, endpoint, SaaS, and log sources expediently, consistently, and accurately for abnormal events.

Work closely with IT operations and other teams to implement and continuously improve controls efficiency.

Regularly verify and analyze all systems and application logs to identify suspicious activity and recommend solutions to eliminate or mitigate risks.

Build, run, and own infrastructure and automation to detect, contain, and eradicate security threats.

Develop alerting and detection strategies to identify malicious or anomalous behavior.

Develop new and novel defensive techniques to identify or counteract changes in adversary techniques and tactics.

  • Take part in verifications and structured security assessments of BDC’s technological environment to ensure that it is protected and complies with established security standards;
  • prepare documents for distribution and provide technical support to the teams responsible for the computer environment.

    Participate in helping to resolve complex security issues by analyzing GC-CIRT (Government of Canada Computer Incident Response Team) advisories, to improve methods for ensuring the safety of BDC’s technological environment.

    Help identify security solutions for various BDC systems.

    Participate in the development and evolution of technological environment security directives, processes and standards and participate in the development of the procedures needed to implement and maintain them.

    Perform other related duties as assigned.


    Minimum eight years’ experience in IT, five of which in network and / or security.

    Must have solid experience with Linux security and foundational level of experience with Containers.

    Experience with Container security tools, such as Aquasec, Sysdig or Stackrox is highly preferred.

    Some experience with at least one of each leading SIEM and EDR tools : Splunk, Azure Sentinel, Qradar, Carbon Black and Crowdstrike.

    At least one of the following certifications : GSEC, GPPA, GCIA, GCWN, GMON, GCDA, OSCP.

    Experience with logging and monitoring systems.

    Familiar with cyber frameworks, such as ATT&CK, Cyber Kill Chain and Diamond Model.

    Experience in a Security Operations Center (SOC) or in a Cyber Incident Response Team (CIRT), preferably in security monitoring and security incident response.

    Experience with infrastructure automation, configuration management, and developer workflows.

    Expertise with Continuous Delivery pipelines and the tools used to deliver solutions (GIT, GitLab, Chef, Puppet, Ansible, Terraform, Jenkins, AWS Code Deploy, Azure DevOps, etc.).

    Experience with on-premise Kubernetes and container security management is highly desirable.

    Detailed understanding of securing the end-to-end image / container lifecycle from image build to production deployment.

    Understanding of CVE - how to identify and remediate Linux Containers.

    Experience in DevSecOps principles and tools for container security management and in detail level on Namespace, Container and Pods.

    Leadership, autonomy, vigilance, team spirit, ability to see the big picture, and discretion.

    Ability to simplify complex issues.

    Knowledge of open-source platforms.

    Sense of priority, understanding of issues, criticality, and impact.

    Strong working knowledge of networking technologies.

    Strong experience with Windows platform and open-source knowledge.

    Ability to share information with peers and transfer knowledge.

    Ability to handle multiple requests and manage priorities.

    Ability to translate and integrate theory into the specifics and tactical realities of IT operations.

    Bilingual (French and English).

    With us, you'll be able to achieve the work / life balance you're looking for, with competitive working conditions and above-market flexible benefits.

    This includes modern workspaces to work from when you are in our offices, and, for some specific positions, the ability to work remotely, on reserve, and / or within your community.

    Important Point to Consider

    Vaccination Policy for COVID-19 : The health, well-being and safety of our colleagues, clients and of the community are a top priority for us.

    Effective November 8, 2021, BDC requires that all employees and consultants be fully vaccinated. A solemn declaration will be requested to this effect.

    While we appreciate all applications, we advise that only the candidates selected to participate in the recruitment process will be contacted.

    If you are a candidate with a disability and need an accommodation to complete the application process, please email us at Careers BDC.

    ca , and include your full name, the best way to reach you, and the accommodation needed to assist you with the application process.

    Report this job

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Application form