Job Description
Join CMHC’s Software Engineering Practices team as an Advisor, Software Engineering — a senior technical leader focused on shaping how software is built and secured across the organization. In this role, you will define and champion modern engineering and security practices, enabling teams to build applications that are scalable, maintainable, and resilient to real-world threats.
You’ll work across product, platform, and security teams to embed secure-by-design thinking into software delivery, while mentoring developers, standardizing best practices, and leading the evolution of CMHC’s secure development lifecycle.
Responsibilities
- Define and promote secure software engineering standards, including coding guidelines, API design patterns, and architectural best practices for modern platforms.
- Lead modernization initiatives such as monolith decomposition, microservices design, and componentized frontends, ensuring secure foundations throughout.
- Guide teams in implementing secure authentication and authorization (OAuth2, OIDC, RBAC, ABAC), as well as browser security controls (CSP, CORS, secure headers).
- Conduct threat modeling, design reviews, and secure code walkthroughs, identifying vulnerabilities early and advising on remediation strategies.
- Integrate AppSec tooling (SAST, SCA, DAST) into CI/CD pipelines using GitHub Advanced Security, Invicti, and SonarQube.
- Mentor engineers through workshops, pair programming, and secure design sessions, supporting growth in both engineering quality and security maturity.
- Maintain internal developer enablement assets like secure coding playbooks, reusable components, and platform-specific guidance.
- Lead a Community of Practice (CoP) for secure software engineering, fostering collaboration, shared learning, and continuous improvement.
Requirements
- An undergraduate degree in computer science, information technology, software engineering, or a related field. An equivalent combination of education and/or experience can be considered.
- A minimum of ten (10) years of relevant experience in software engineering, with strong expertise in secure development, architecture, and platform modernization.
- Proficiency in JavaScript/TypeScript, C#, Python, and/or equivalent languages.
- A deep understanding of the secure software development lifecycle (SSDLC), including threat modeling, secure code patterns, and remediation strategies.
- Experience implementing modern identity architectures (OAuth2, OIDC, JWT), API hardening, and platform-level security measures.
- A strong background in cloud-native platforms (e.g., Azure Functions, Logic Apps, Kubernetes) and CI/CD pipelines (ADO, GitHub Actions).
- A proven ability to coach and influence developers, technical leads, and platform engineers.
- Strong communication skills — including the ability to translate complex technical concepts into actionable practices and standards.
- Bilingualism (English and French).
Nice to Have
- A certification such as OSWE, CSSLP, GIAC GWEB, or GWAPT.
- Experience with micro-frontends or progressive web apps (PWAs).
- Familiarity with WCAG accessibility standards, DevEx strategy, or performance optimization.
- Contributions to open-source, CoPs, or engineering standards groups.
- A background in scaling secure coding practices across multi-team environments.
- Public sector or financial services experience.
We’re committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply.