You're using an older version of Internet Explorer that is no longer supported. Please update your browser.

Security Engineer, DevSecOps

Full Time
Security Engineer, DevSecOps

Location: Remote (BC only), BC, CA

Job Function: Information Technology

Joining the Business Technology team at BCLC means you'll be working with cutting-edge technology to help build a world-class entertainment company. This is an engaged, innovative, capable group of talented individuals working in digital enablement, product delivery services, technology platform enablement, enterprise services, integrity and operations. This enables us to execute the purchase and validation of lottery tickets at over 3500 lottery retailers, manage a complex network of 12,000 slot machines and electronic table games across the province and provide the backbone for BCLC's eGaming platform, and much more.

We have offices in Kamloops and Vancouver and can also support 100% remote (from within British Columbia) for this position.

Job Summary:

The Security Engineer - Development, Security and Operations (DevSecOps) supports BCLC's Cybersecurity program and helps to protect BCLC's information assets by providing expert support to the DevSecOpswork stream. This role provides guidance to development teams to ensure that they build secure applications that are resilient to threats, and compliant with industry security standards. This role supports projects and business operations by providing security & compliance training, and by recommending solutions and methodologies in secure code analysis, change management, and threat & vulnerability investigation. Additionally, the Security Engineer - DevSecOps brings application security specialization to support the overall Cybersecurity program.

Key Accountabilities:
  • Supports Cybersecurity initiatives as directed by the Cybersecurity program.
  • Provides expert support to the DevSecOps work stream through guidance on how to build applications that are resilient to threats, and compliant with industry security standards. This includes a program for general security training and compliance training, and guidance on specific application development matters and assessments of application development sprints.
  • Recommends solutions and methodologies in code analysis, change management, and threat & vulnerability investigation in the DevSecOps work stream to move the identification of cyber risk to earlier in the development pipeline.
  • Recommends solutions and methodologies to address application development supply chain risks with untrusted code repositories and libraries.
  • Implements, configures and maintains Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools in the application development pipeline.
  • Establishes and maintains a Community of Practice (CoP) for secure application development at BCLC. Establishes and maintains positive relationships with internal system owners and external vendors, providing cyber security and risk management support.
  • Maintains good understanding of BCLC's key business systems and processes to support accountabilities listed above, and for consideration and input into Cybersecurity program.
  • Continuously develops sharp technical skills, quickly getting up to speed on new technology, trends, types of vulnerabilities, exploits and risks to BCLC's information assets.
  • Contributes to the development and maintenance of information security policies, standards and procedures, and where needed supports the development of applicable technology standards.
  • Provides information on system configurations, accounts and information security practices to auditors and regulators as directed by the Cybersecurity management team.
  • Responds to complex requests and handles escalations for major issues.
Minimum Required Qualifications:
Education and Experience
  • A degree or diploma in information security / application security, or equivalent in a related discipline is an asset;
  • DevOps Institute certifications, such as DevOps Foundation, DevOps Leader or DevSecOps Engineering, are an asset;
  • Technology administration certifications, such as MCSE, CCIE or RHCE, are an asset;
  • Four to six years of progressive experience in information security / application security / information technology;
  • Experience assessing the security of applications written in various programming languages (e.g.: Java, PHP, Python, Ruby, Perl), operating in various environments (e.g.: web, cloud, SaaS, mobile);
  • Experience working with AWS, Docker and Kubernetes, and how to implement developer tools, such as GitHub and Dependency, is an asset;
  • Experience working with configuration management tools such as Chef, Puppet, and Ansible, is an asset;
  • Experience in security controls and integrations related to Microsoft 365, AWS or SaaS implementations is an asset;
  • An equivalent combination of education and / or experience may be considered.
Technical Requirements
  • Strong oral and written communication skills, including the ability to write reports and document procedures;
  • Good ability to deal with highly sensitive matters with a high degree of tact and diplomacy;
  • Strong organizational skills with the ability to prioritize items;
  • Good with problem solving and analytical thinking;
  • Strong business acumen;
  • Good ability to manage relationships at all levels with customers, leaders, contractors and team members to effect change.
About Us:

For over three decades, BCLC has delivered exceptional gambling entertainment for British Columbians with the primary purpose of giving back to the province.

Currently we:
  • Operate provincial, national and "Instant Win" in partnership with over 3500 lottery retailers across the province.
  • Oversee 34 casino and community gaming centres across the province.
  • Provide safe, secure and legal online gambling options including sports betting, casino style games and lottery.
In the fiscal year prior to the pandemic, we gave over $1.4 billion back to the province to support healthcare, education, community groups, and much more.

To help us achieve this goal, we aim to have the healthiest players in the world by establishing a higher standard of support with evidence-based player health programs.

To build a rich diverse workforce representing the communities which we serve, we welcome applications from people of all colours and cultures, persons with diverse abilities, and members of the LGBTQ2S+ community.

BCLC values work life balance and offers remote work options.

Relocation assistance is available for successful job candidates from outside BC.

If you are in need of accommodation or special assistance at any step of your application, please send an email with your request to

For over more than a decade, we have been recognized as one of BC's Top Employers - and we are constantly seeking ways to improve our employee and player experience. To learn more about BCLC, please visit:

Ready to join our team?

Please Note:
This opportunity will remain open until a qualified candidate pool has been established.

Candidates must be legally entitled to work in Canada and be 19 years of age to work at BCLC.

BCLC requires all employees to be fully vaccinated from Covid-19 (as defined by Health Canada). Full vaccination will be required before commencing employment with BCLC unless a legal exemption is obtained.

Information Technology