Steenbok

Singapore, Singapore

DevSecOps Engineer

Description

The Role:

🔑 Key Success Factors:

  • Willingness to Learn: You must be eager to rapidly learn and master diverse technologies, especially those dictated by our public sector clients' specific environments and tech stacks.
  • Agility to Adapt: You need to quickly adjust security strategies and automation workflows to fit unique, client-dependent development pipelines and deployment models.

📝 Key Responsibilities:

  1. Integrate Security into CI/CD Pipelines: Design, implement, and maintain security tools (SAST, DAST, SCA, etc.) within client-specific Continuous Integration/Continuous Deployment (CI/CD) workflows, ensuring security gates are non-disruptive yet effective, despite the dependency on client-mandated tooling.
  2. Develop and Maintain Infrastructure-as-Code (IaC) Security: Write and secure IaC (e.g., Terraform, Ansible) to provision and manage cloud infrastructure (AWS/Azure/GCP, or on-premise) in compliance with public sector security standards and hardening guidelines.
  3. Conduct Security Assessments and Hardening: Perform security reviews, vulnerability scanning, and hardening of application and infrastructure components across various client technology stacks. Translate client security requirements into actionable engineering tasks.
  4. Automate Security Operations: Develop scripts and automation tools to streamline security tasks, incident response, and compliance checks (e.g., auto-remediation, automated patching), reducing manual effort and increasing the speed of secure deployments.
  5. Serve as a Security Evangelist: Collaborate closely with development and operations teams to champion DevSecOps principles, provide security training, and embed a security-first culture that respects the constraints and architecture choices imposed by client environments.

Ideal Profile:

✅ Key Requirements:

  1. Proven DevSecOps Tooling Experience: Solid experience with relevant DevSecOps tools (e.g., Jenkins/GitLab CI, Docker, Kubernetes, Ansible/Terraform, and security scanning tools), and the ability to pivot to new/client-mandated tools quickly.
  2. Coding and Scripting Proficiency: Strong skills in at least one scripting language (e.g., Python, Bash) to develop custom automation and integrate security tools via APIs.
  3. Security and Compliance Knowledge: Familiarity with common security standards, controls (e.g., CIS Benchmarks, OWASP Top 10), and the specific compliance requirements typical of the Singapore public sector environment.
  4. Cloud/Container Security Experience: Practical experience securing common public cloud environments (AWS, Azure, or GCP) and container orchestration platforms (Kubernetes, OpenShift).
  5. Problem-Solving and Communication Skills: Excellent analytical skills to troubleshoot complex, cross-functional security issues, and strong verbal/written communication to explain risks and solutions to both technical and non-technical stakeholders (including client teams).
  • If you’re ready to take on the challenge of securing high-stakes public sector systems in a fast-paced, adaptive SME environment, !

What's on Offer?

  • Work within a company with a solid track record of success
  • Work alongside and learn from best-in-class talent
  • Great work environment

Skills

OWASP, Python, Continuous Deployment, Ansible, Kubernetes, GitLab, CI/CD, OpenShift, Docker, Continuous Integration, Bash, Terraform, Compliance, Security, DevSecOps, GCP, Azure, GitLab CI, AWS, Jenkins
