About the job DevSecOps (MY,ID,PH)
About Us:
AYP Group is a leading HR technology solutions provider headquartered in Singapore, with regional presences across APAC
We believe in making workplaces happier and smarter through technology, helping companies to build a scalable and engaged hybrid workforce
Joining AYP, not only will you have regional exposure and cross-cultural collaborations with teams from other countries; You will also have opportunities to upskill and develop your personal and professional growth through culture of coaching
Summary:
As a DevSecOps Engineer at AYP, you will play a critical role in ensuring our software products' security, reliability, and scalability
You will work closely with our development, operations, and security teams to implement and manage security measures, automate processes, and optimise our DevOps pipeline
We want to hear from you if you are passionate about combining development, operations, and security practices to deliver secure and efficient software
Job Responsibilities:
- Secure DevOps Integration
- Collaborate with development and operations teams to embed security practices into the software development lifecycle (SDLC)
- Implement security controls, including code scanning, vulnerability assessment, and security testing, at multiple stages of the SDLC
- Maintain clear and up-to-date documentation of security integration processes
- Automation and Orchestration
- Develop and maintain automation scripts and tools for continuous integration and continuous deployment (CI/CD) pipelines
- Automate security scanning, patch management, and compliance checks to identify and address vulnerabilities proactively
- Document automation workflows and processes for reference
- Infrastructure Security
- Ensure the security of cloud infrastructure, including network configurations, access controls, and data encryption
- Implement Infrastructure as Code (IaC) practices to automate and secure infrastructure provisioning
- Document infrastructure security configurations and changes
- Incident Response
- Participate in incident response activities, including identifying and mitigating security threats and vulnerabilities.
- Contribute to the development of incident response playbooks and processes.
- Document incident response procedures and outcomes for post-incident analysis.
- Security Compliance
- Monitor and enforce security compliance with industry standards and regulations (e.g., ISO 27001, PDPA)
- Assist in preparing for security audits and assessments
- Maintain detailed compliance documentation
- Collaboration and Training
- Foster a culture of security awareness and best practices within the organisation
- Collaborate with cross-functional teams to promote security education and training
- Tool Evaluation and Selection
- Research, evaluate, and recommend security tools and technologies to enhance the security posture of our products and systems
- Document tool evaluations, recommendations and implementation plans
- Documentation Management
- Create and maintain comprehensive security policies, procedures, configurations, and incident report documentation
- Ensure documentation is up to date and accessible to relevant stakeholders
Skills and Qualifications
- Bachelor's Degree in Computer Science, Information Security, or a related subject
- Proven experience as a DevSecOps Engineer or similar role, focusing on integrating security into DevOps practices
- Strong knowledge of secure coding practices, vulnerability management and scanning tools, and security testing tools
- Proficiency in scripting and automation languages (e.g., Python, Bash, PowerShell)
- Experience with containerisation and orchestration tools (e.g., Docker, Kubernetes)
- Familiarity with AWS cloud platforms and their security services.
- Understanding of infrastructure security, network protocols, and access controls