DevSecOps Engineer
Powerverse
- Kuala Lumpur
- Permanent
- Full-time
- Design, implement, and maintain DevSecOps processes and practices to ensure the seamless integration of security into development, deployment, and operations workflows.
- Automate security controls and compliance checks using configuration management tools, continuous integration/continuous deployment (CI/CD) pipelines, and infrastructure-as-code (IaC) frameworks.
- Collaborate with development teams to incorporate security requirements and best practices into software design, coding, testing, and deployment processes.
- Implement and maintain security controls, configurations, and monitoring for cloud-based infrastructure and IoT devices to protect against cyber threats and vulnerabilities.
- Conduct security assessments and vulnerability scans of cloud environments and IoT deployments, identifying and remediating security issues in a timely manner.
- Implement encryption, access controls, identity management, and other security measures to safeguard data and ensure compliance with industry regulations and standards.
- Develop and maintain incident response plans and playbooks to effectively detect, respond to, and recover from security incidents and breaches.
- Monitor cloud environments and IoT networks for signs of unauthorized access, malicious activities, and security incidents, leveraging security information and event management (SIEM) tools and threat intelligence feeds.
- Investigate security incidents, conduct root cause analysis, and implement remediation actions to prevent recurrence and strengthen security posture.
- Evaluate, implement, and manage security tools and technologies to enhance security automation, threat detection, and incident response
- Stay up-to-date on emerging security trends, technologies, and best practices, continuously evaluating and recommending new tools and techniques to enhance security posture.
- Bachelor's degree in Computer Science, Information Security, or a related field; advanced degree preferred.
- Proven experience (3 years) in DevOps, software development, or system administration roles, with a focus on security and compliance.
- Strong technical expertise in cloud computing platforms (e.g., AWS, Google Cloud), IoT technologies, and containerization (e.g., Docker, Kubernetes).
- Hands-on experience with security tools and technologies such as intrusion detection/prevention systems (IDS/IPS), firewalls, vulnerability scanners, SIEM platforms, and identity and access management (IAM) solutions.
- Familiarity with security frameworks and standards such as NIST Cybersecurity Framework, CIS Controls, ISO 27001, and GDPR.
- Excellent scripting and programming skills (e.g., JavaScript/TypeScript, Python, Bash) for automation and tool development.
- Experience deploying and managing SDLC automation tools (e.g., Jenkins, Ansible, Git / Bitbucket, Robot Framework)
- Experience implementing CI/CD pipelines.
- Strong analytical and problem-solving skills, with the ability to assess complex security issues, prioritize tasks, and drive resolution.
- Excellent communication skills, with the ability to effectively collaborate with cross-functional teams and communicate security concepts to technical and non-technical stakeholders.