Assistant Manager, GT-TSS, Infrastructure Innovation, DevSecOps (DevSecOps Engineer)

CIMB

  • Malaysia
  • Permanent
  • Full-time
  • 21 days ago
Job Category: Information Technology and ServicesJob Description: Job Purpose *The DevSecOps Engineer is responsible for embedding and maintaining strong security practices within the organization's DevOps processes to ensure the security, compliance, and operational efficiency of financial applications. This role plays a critical part in strengthening the company's security posture, with a primary focus on supporting on-premises environments.The engineer will be actively involved in:
  • Deployment and automation activities
  • Security integration throughout the CI/CD pipeline
  • Project delivery
  • Operational support
  • Additional tasks as assigned
This position bridges development, security, and operations, providing hands-on support to deliver secure, reliable, and scalable solutions.Key Responsibilities *
  • Security Integration
  • Embed security controls and practices within CI/CD pipelines, tools, and processes.
  • Ensure all deployments and system changes adhere to security and compliance requirements, particularly for financial applications.
  • Deployment & Automation
  • Develop, maintain, and improve deployment pipelines with automation and security best practices.
  • Support and manage deployment activities across on-premises environments.
  • Vulnerability Management
  • Perform vulnerability scanning, remediation tracking, and security patch management.
  • Work closely with application, infrastructure, and security teams to address security gaps.
  • Operational Support
  • Provide day-to-day support for DevSecOps tools and infrastructure.
  • Troubleshoot deployment, security, and operational issues promptly.
  • Collaboration & Stakeholder Engagement
  • Work closely with development, infrastructure, security, and audit teams to ensure alignment on security and operational requirements.
  • Engage with vendors as needed to resolve technical and support issues.
  • Continuous Improvement
  • Continuously evaluate and recommend improvements to existing DevSecOps processes, tools, and security controls.
  • Stay current with emerging security trends, tools, and best practices.
  • Compliance & Documentation
  • Ensure DevSecOps practices comply with internal policies, industry standards, and regulatory requirements.
  • Maintain clear and comprehensive documentation of configurations, processes, and incident resolutions.
Job Specification *Qualifications(Basic Degree/Diploma etc)
  • Bachelor's Degree in Computer Science, Information Technology, Cybersecurity, Software Engineering, or a related field.
  • A Master's Degree in a related discipline will be an added advantage.
Professional Qualification and/or Regulatory, Licensing requirements
  • DevOps Tools Certification: Jenkins, GitLab CI/CD, Kubernetes, Docker, or equivalent.
  • Security Certifications:
  • CompTIA Security+, Certified Information Systems Security Professional (CISSP), or equivalent.
  • Certified DevSecOps Professional, or related security-focused DevOps certifications will be an advantage.
  • Cloud/Container Certifications:
  • Kubernetes Administrator (CKA), Docker Certified Associate, or equivalent.
  • ITIL Foundation certification is an advantage.
Relevant Work Experience
  • Minimum 3-5 years of hands-on experience in a DevOps or DevSecOps role, preferably in the financial services or regulated industries.
  • Proven experience in:
  • Building and maintaining CI/CD pipelines with integrated security tools.
  • Managing on-premises infrastructure and deployments.
  • Implementing security controls, vulnerability management, and automated security testing.
  • Strong working knowledge of:
  • Configuration management tools (e.g., Ansible, Helm, Terraform)
  • Containerization platforms (e.g., Kubernetes, Docker)
  • Security scanning tools (e.g., Trivy, SonarQube, Snyk)
  • Experience in supporting security audits and ensuring compliance with security policies and regulatory requirements.
Required Competencies and Skills *Competencies/Skills(Essential to succeed in this job)Technical Competencies
  • Strong understanding of DevSecOps principles, methodologies, and best practices.
  • Hands-on experience with CI/CD tools (e.g., GitLab CI/CD, Jenkins).
  • Proficient in containerization and orchestration using Docker and Kubernetes.
  • Solid knowledge of security integration within the software development lifecycle (SDLC), including vulnerability scanning, static and dynamic code analysis, and security automation.
  • Familiar with configuration management tools such as Ansible, Helm, or Terraform.
  • Competent in managing on-premises infrastructure, with exposure to cloud environments being an added advantage.
  • Proficient in using security tools (e.g., Trivy, SonarQube, Snyk, Fortify) for application and infrastructure security assessments.
  • Strong scripting skills (e.g., Bash, Python, Groovy) for automation and integration.
  • Good understanding of network security, firewalls, and access control principles
Core Competencies
  • Strong problem-solving skills with the ability to assess security risks and recommend appropriate solutions.
  • Effective cross-functional team player, working closely with development, security, infrastructure, and audit teams.
  • Strong verbal and written communication skills to present technical concepts clearly to both technical and non-technical stakeholders.
  • Thorough and precise in managing security configurations, deployments, and compliance documentation.
  • Ability to work in a fast-paced environment, managing multiple priorities and shifting project demands.
  • Proactive in staying updated with the latest DevSecOps trends, security threats, and emerging tools.
  • #LI-AZ1

CIMB