DevSecOps Engineer
Razer
- Shah Alam, Selangor
- Permanent
- Full-time
- Design, implement, and maintain security controls for cloud-based and on-premises infrastructure.
- Conduct regular security assessments, vulnerability scans, and risk assessments.
- Ensure compliance with industry standards (e.g., PCI-DSS, ISO27001, SOC2, GDPR) and internal policies.
- Daily review and remediation on the SIEM, and on Horangi Warden and Sanctum.
- Weekly review and preparation of an action plan for AWS Security Hub, Trusted Advisor, and AWS Cost Optimization.
- Follow up, monitor, and report on progress to management.
- Collaborate with development teams to embed security practices throughout the SDLC.
- Implement secure coding practices, threat modeling, and code reviews.
- Monitor and respond to security incidents related to applications.
- Secure sensitive data stored in databases (encryption, access controls, etc.).
- Perform database vulnerability assessments and patch management.
- Monitor database activity for anomalies and potential breaches.
- Stay informed about regulatory changes and updates related to compliance.
- Assist in audits and assessments related to compliance frameworks.
- Develop and maintain compliance documentation.
- Automate security processes using tools and scripts.
- Implement Continuous Integration/Continuous Deployment (CI/CD) pipelines with security checks.
- Leverage Infrastructure as Code (IaC) for secure infrastructure provisioning.
- Work closely with cross-functional teams (development, operations, and security).
- Communicate security risks, findings, and recommendations effectively.
- Bachelor’s degree in Computer Science, Information Security, or related field.
- Certifications (one or more preferred):
  - Certified Information Systems Security Professional (CISSP)
  - Certified Ethical Hacker (CEH)
  - AWS Certified Security – Specialty
- Experience:
  - Minimum of 3 years in DevOps, security, or a related role.
  - Proficiency with cloud platforms (AWS, Aliyun, Azure, GCP).
  - Strong understanding of security principles and best practices.
  - Familiarity with compliance frameworks (PCI-DSS, ISO27001, SOC2, GDPR).
  - Scripting/programming skills (Python, Bash, PowerShell).