Job Description
Key Responsibilities:
- Integrate Security into CI/CD Pipelines: Design, implement, and maintain security tools (SAST, DAST, SCA, etc.) within client-specific Continuous Integration/Continuous Deployment (CI/CD) workflows, ensuring security gates are non-disruptive yet effective, despite the dependency on client-mandated tooling.
- Develop and Maintain Infrastructure-as-Code (IaC) Security: Write and secure IaC (e.g., Terraform, Ansible) to provision and manage cloud infrastructure (AWS/Azure/GCP, or on-premise) in compliance with public sector security standards and hardening guidelines.
- Conduct Security Assessments and Hardening: Perform security reviews, vulnerability scanning, and hardening of application and infrastructure components across various client technology stacks. Translate client security requirements into actionable engineering tasks.
- Automate Security Operations: Develop scripts and automation tools to streamline security tasks, incident response, and compliance checks (e.g., auto-remediation, automated patching), reducing manual effort and increasing the speed of secure deployments.
- Serve as a Security Evangelist: Collaborate closely with development and operations teams to champion DevSecOps principles, provide security training, and embed a security-first culture that respects the constraints and architecture choices imposed by client environments.
Ideal Profile:
Key Requirements:
- Proven DevSecOps Tooling Experience: Solid experience with relevant DevSecOps tools (e.g., Jenkins/GitLab CI, Docker, Kubernetes, Ansible/Terraform, and security scanning tools), and the ability to pivot to new/client-mandated tools quickly.
- Coding and Scripting Proficiency: Strong skills in at least one scripting language (e.g., Python, Bash) to develop custom automation and integrate security tools via APIs.
- Security and Compliance Knowledge: Familiarity with common security standards, controls (e.g., CIS Benchmarks, OWASP Top 10), and the specific compliance requirements typical of the Singapore public sector environment.
- Cloud/Container Security Experience: Practical experience securing common public cloud environments (AWS, Azure, or GCP) and container orchestration platforms (Kubernetes, OpenShift).
- Problem-Solving and Communication Skills: Excellent analytical skills to troubleshoot complex, cross-functional security issues, and strong verbal/written communication to explain risks and solutions to both technical and non-technical stakeholders (including client teams).