DevSecOps Security Engineering

• DevOps Automation: GitHub
• Support application team and Proficient with common developer tool sets such as JSON, REST, Shell, Perl and etc.
• Knowledge of implementing automated testing platforms, unit tests and integration testing frameworks.
• Work with Application team with API Security, Container Security, Azure Cloud Security
• Familiarity with Microsoft Azure Policy, Configuration, and Security Management tools.
• Experience with security automation and machine learning.
• Experience with working on open-source software related to Intrusion Detection, Prevention, and File Integrity Monitoring Systems and Flow based solutions.
• Software development domain and principles, including design patterns, code structure, programming languages,
• CI/CD process, continuous integration (Git), continuous deployment (Travis/Jenkins), and deployment orchestration (Ansible, puppet, or equivalent).
• Work closely with application development team to proactively stay on top of latest secure application architecture design to deliver thorough security recommendation aligned with organization's IT security technology policy & procedure.
• Direct and influence multi-disciplinary teams in implementing and operating Cyber Security controls in the Cloud.
• Collaborate with application developers and database administrators to deliver creative solutions to difficult technology challenges and business requirements.
• Execute security architectures for cloud cloud/hybrid systems.
• Responsible for automating security controls, data and processes to provide improved metrics and operational support.

Specialized Information Security Domains

• The role may be called upon to lead or be involved in reviewing or standardizing the information security architecture across key digital solutions especially on cloud security, application security and data security.
• Assist in security review and coordination for Technology division application development teams, where applicable
• Although this is an individual contributor role, the candidate should also expect to perform the role of a specialist mentor to the junior members of the staff within the team

JOB REQUIREMENTS:

• Education –

University degree in one of the following or related disciplines (Computer Science, Computer Engineering, Information Security, Information Systems)

Experience –

• Minimum 7 years of experiences of information security domain, especially hands on experience for Cloud Security
• Experience working with Developers, DevOps, and Engineering teams in a dynamic environment to promote/implement the DevSecOps program throughout the organization.
• Experience coordinating and performing vulnerability assessments through the use of automated and manual tools (Tenable, Qualys, etc).
• Ability to review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and application's and determine any reported vulnerabilities that are false positives.
• Capability to prepare security vulnerability and risk management reports for management.
• Proficiency in Java/JavaScript Programming and Bash, Python or other scripting languages.
• Experience configuring, implementing and leveraging computer security and networking diagnostic/monitoring tools.
• Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc)
• Ability to work with APIs and Plugins to integrate security tools into established CI/CD pipelines.
• Working experiences in insurance / banking / financial industry is preferred
• Good interpersonal and communication skill
• Good team player with a high integrity, proactive mindset, and strong ownership

Certifications/licenses –

• Preferably a holder of one or more of the following information security and audit qualifications: CISSP, CISA, CISM, CRISC, CCSP
• Certifications related to security architecture or Cloud Security is preferable, such as CCSP, Azure DevOps certification, Azure Solutions Architect certification, etc

Technical skills

• Cloud platform: Microsoft Azure
• OS: Windows, Linux
• Containerisation platform: docker
• Orchestration: Kubernetes
• Application framework: NodeJS, ReactJS, .NET, JSON
• API: Webmethods API Gateway, Experience API
• Code repository: GitHub, Bitbucket
• CI/CD pipelines: Azure DevOps, Bamboo, Jenkins
• Security scanning tools: Veracode, SonarQube, Snyk

• API
• Arch Linux
• Azure
• Kubernetes
• React JS
• Windows
• CI/CD with Jenkins
• Nodejs