Vulnerability Management Automation Specialist

AfxInfra

Canada · On-site · Contract · 1mo ago

About the role

Role Summary

This role automates vulnerability management workflows at scale - taking security findings from scanners and tools and routing them automatically to the right owners: developers, infrastructure engineers, and application teams. The work is integration-heavy. It involves building Azure DevOps pipelines, writing YAML-based automation, and connecting security tooling to ticketing systems via API. The right person understands DevSecOps and knows how vulnerability programs break down at scale.

Key Responsibilities

  • Design and implement automated workflows that ingest vulnerability findings and create, assign, and track tickets to the appropriate owners (dev teams, infrastructure, DBAs) without manual triage
  • Build and configure Azure DevOps pipelines to embed vulnerability scanning and ticket creation directly into CI/CD flows — findings surface at build time, not after deployment
  • Develop API integrations between security scanning tools, ticketing platforms (e.g., Azure DevOps Boards, Jira, ServiceNow), and notification systems
  • Write YAML pipeline definitions for automated scanning gates, remediation SLA tracking, and escalation workflows
  • Define and enforce SLA tiers for vulnerability remediation by severity; build dashboards or reports that surface breach risk before it happens
  • Collaborate with development and infrastructure teams to map code repositories, pipelines, and infrastructure components to accountable owners
  • Document integration architecture, data flows, and ticket routing logic so the program can scale beyond the initial deployment

Required Qualifications

  • 5–7 years in DevSecOps, security engineering, or vulnerability management
  • Azure DevOps: pipelines, boards, service connections, YAML pipeline authoring
  • API integration experience - REST APIs, authentication patterns (OAuth, API keys, service principals), data transformation between systems
  • Vulnerability management fundamentals: understanding CVSS scoring, remediation prioritization, and SLA frameworks
  • Scripting in Python or PowerShell for automation and data handling
  • Experience with a vulnerability scanning tool (Nexus, SonarQube, Defender for Cloud, Snyk, or equivalent)
  • Government security clearance: Reliability (minimum), Secret (preferred)

Preferred Qualifications

  • Experience integrating security tooling with ticketing platforms (Jira, ServiceNow, Azure Boards) via API
  • Familiarity with ITSG-33 or PBMM control requirements related to vulnerability management (SI-2, RA-5)
  • Experience operating vulnerability programs in a Government of Canada context

Skills

API, Azure DevOps, CI/CD, DevSecOps, Jira, Nexus, OAuth, PowerShell, Python, REST API, ServiceNow, SonarQube, Snyk, Vulnerability Management, YAML
