Montréal · Contractor · Senior (6-9 yrs)
DevSecOps Engineer — PKI & AWS Cloud — Montreal
A major Canadian bank is modernizing its PKI infrastructure: ADCS to AWS Private CA migration, Terraform IaC, HSM and PCI-DSS compliance. Long-term mission in Montreal.
- PKI / ADCS
- AWS Private CA / ACM
- Terraform Cloud
- GitHub Actions
- HSM Utimaco / Thales
- Datadog / Splunk
A major Canadian financial institution is hardening the security of its identity and certificate management infrastructure. Within the Data Protection team, you own critical PKI platforms and their migration to the cloud.
The context
The organization runs legacy PKI infrastructure (Windows Server / ADCS) that it is migrating to AWS Private CA and AWS Certificate Manager. The goal: robust trust chains, self-service building blocks, and top-tier regulatory compliance (PCI-DSS) in a demanding banking environment.
Your role
- Design and operate PKI platforms: certificate management, certificate authorities, trust chains.
- Drive the ADCS / Windows Server migration to AWS Private CA (PCA) and AWS ACM.
- Industrialize infrastructure as code with Terraform Cloud and GitHub Actions CI/CD pipelines.
- Integrate HSM modules (Utimaco, Thales) and set up observability (Datadog, Splunk, SNMPv3 monitoring).
- Enforce security controls in a regulated environment (PCI-DSS).
What we're looking for
- 5 to 8 years in DevSecOps / IT security / AWS infrastructure.
- 3 to 5 years on PKI (certificates, CAs, trust chains) and ADCS.
- Strong command of AWS Private CA / ACM, Terraform Cloud and GitHub Actions.
- HSM experience (Utimaco / Thales). Pluses: PCI-DSS, SNMPv3, cloud HSM.
Details
- Location: Montreal, hybrid (2 days/week on site).
- Long-term mission: 12 months, renewable.
- Open as freelance or Abbeal permanent — we place both ways.
- Bilingualism not required.
Apply
DevSecOps Engineer — PKI & AWS Cloud — Montreal
