BACKGROUND INFORMATION

This consultancy is within the Common Software Platform Division (CSP) in the Informatics, Administration and Publications Department (IAP) that is responsible for modernizing and evolving software applications and related tools used in the BR. The objective of this consultancy is to support the implementation of the e-Comment project. E-Comment is a new web application (React frontend/.Net backend) which will replace the SpaceCom legacy desktop application for commenting on coordination requirements established by the BR. 

TERMS OF REFERENCE

Under the guidance of the head, CSP division the consultant will:

• Conduct a technical assessment of current CI/CD pipelines, build processes, tooling, infrastructure automation, and security practices. Identify areas for improvement aligned with best practice DevSecOps standards.
• Create or improve automated Azure DevOps pipelines for web and desktop applications, including building, testing, security scanning, dependency analysis, packaging, and deployment across multiple environments. Establish pipeline templates and standards for scalable reuse across multiple BR applications. Enhance deployment reliability through rollback mechanisms, approvals, and reproducible build practices.
• Integrate automated security scanning (SAST, DAST, SCA, container scanning), vulnerability management, license compliance checks, and secure build practices into all pipelines.
• Containerize appropriate services (where feasible) and design deployment pipelines for cloud platforms (Azure and/or AWS).
• Implement automated workflows for building, packaging, code signing (including Windows executables), and distributing desktop applications in a secure, repeatable manner.
• Configure or improve Infrastructure-as-Code (IaC) templates, monitoring, logging, and environment provisioning to ensure consistent and reproducible infrastructure.
• Work closely with developers to define requirements, establish DevSecOps standards, and train teams on new tools and processes. Produce clear, maintainable documentation covering DevOps workflows, security practices, pipelines, troubleshooting procedures, and operational guidelines.

CONCRETE DELIVERABLES

• Design and implementation of reusable multi stage YAML pipelines for the e-Comment web application, including: Dev → QA → Prod staged deployments, automated IIS deployment, built in rollback mechanisms, automated unit test execution, code coverage reporting, static code analysis via SonarQube, automated security vulnerability scanning and quality gate checkpoints integrated into the CI process. These pipelines should adopt best practice DevSecOps patterns, support containerization/cloud deployment, and must be designed for reuse across other BR web applications, ensuring a unified and secure development lifecycle.
• Creation of a fully automated desktop application build and release pipeline for SpaceGIBC including secure file-based code signing integration, automated build, packaging, and versioning, staged rollout strategy and automated distribution workflows. The templates should be designed for reusability across other desktop applications. This pipeline should follow secure practices, ensuring reproducible and trusted executable generation.
• Assessment of a technical feasibility for containerizing the SpaceGIBC desktop application, documenting findings, constraints, and recommended architecture. Where feasible, implementation of a proof-of-concept containerized deployment with reusable Azure DevOps pipelines for building, scanning, and deploying container images to a cloud environment. If full containerization is not viable within scope, delivery of a baseline pipeline architecture applicable to other BR applications that are suitable for containerization.
• Conduct of practical training sessions for developers covering Azure DevOps pipeline creation and management, best practices for CI/CD, DevSecOps, and automation and usage of new templates, tools, and workflows.
• Documentation of all implemented processes, pipelines, standards, and procedures in Confluence, ensuring smooth adoption across teams.

COMPETENCIES

• Azure DevOps (multi-stage YAML pipelines, environments, approvals, pipeline templates, Azure Artifacts).
• DevSecOps tooling (SAST, DAST, SCA, container scanning, SonarQube, quality gates).
• Windows desktop application build automation (MSBuild, packaging, versioning, code-signing).
• Containerization and container image management (Docker, Azure Container Registry).
• Cloud deployment on Azure (App Services, AKS or Container Apps, Key Vault).
• Infrastructure-as-Code (Bicep or Terraform), environment provisioning, and basic observability configuration (Azure Monitor, Application Insights).
• Scripting and automation (PowerShell, Bash).
• IIS deployment automation and web application release management.
• Technical documentation and developer training.

QUALIFICATIONS REQUIRED

Education:

Advanced university degree in systems engineering or information technology, or computer science or a related field OR education from a reputed college of advanced education with a diploma of equivalent standard to that of an advanced university degree in one of the fields above.

Experience:

At least five (5) years of experience in the field relevant to the Special Service Agreement (SSA).

• Proven experience in designing and automating CI/CD pipelines and deployment processes for web and/or desktop applications, primarily in Windows environments using Azure DevOps.
• Demonstrated hands on experience with containerization and deploying applications to cloud environments, preferably Azure and/or AWS.
• Experience in applying DevSecOps practices such as automated testing, code quality checks, and security scanning within CI/CD workflows.
• Hands-on experience in automating desktop application building pipelines, including packaging, versioning, and code-signing of Windows executables in a CI/CD context.
• Experience with Infrastructure-as-Code (IaC) and configuration management tools (e.g., Terraform) is desirable.
• Prior involvement in modernizing legacy build or deployment processes and transitioning them into modern automated CI/CD workflows is desirable.
• Experience with AKS, Azure Container Apps, or equivalent orchestration platforms is desirable.

Languages: 

Knowledge of English or French at advanced level. 

REMUNERATION INFORMATION

USD 280 per working day.