Jobfoundry
Jobfoundry
OCBC

DevSecOps Specialist, Technology Information Security Office

OCBC
BankingOCBC SingaporeOnsitePosted 1 week ago
Apply on company site

About the role

Mid-level DevSecOps specialist responsible for embedding security into the software development lifecycle and cloud infrastructure for a semiconductor company. Focus on automation, compliance, and secure CI/CD pipelines.

BankingOnsite

Key Responsibilities

  • Design and implement secure CI/CD pipelines with integrated security scanning tools
  • Perform threat modeling and security architecture reviews for new applications and infrastructure
  • Automate security controls and compliance checks using Infrastructure as Code (Terraform, Ansible)
  • Manage container security across Kubernetes environments including image scanning and runtime protection
  • Develop and maintain security monitoring and incident response capabilities using SIEM tools
  • Conduct regular security assessments including SAST, DAST, and dependency scanning
  • Collaborate with development teams to remediate vulnerabilities and implement secure coding practices
  • Maintain security documentation and ensure compliance with ISO 27001, NIST, SOC2, and GDPR requirements

Requirements

  • 3+ years of experience in DevSecOps, application security, or cloud security roles
  • Strong experience with CI/CD platforms such as Jenkins, GitLab CI, or GitHub Actions
  • Hands-on experience with container technologies (Docker, Kubernetes) and container security tools
  • Proficiency in Infrastructure as Code using Terraform, CloudFormation, or similar tools
  • Experience with cloud security in AWS, Azure, or GCP environments
  • Knowledge of security frameworks and standards including NIST, ISO 27001, and SOC2
  • Experience with security scanning tools such as SAST, DAST, SCA, and container image scanners
  • Scripting skills in Python, Bash, or PowerShell for security automation
  • Understanding of secure coding practices and common vulnerability types (OWASP Top 10)
  • Bachelor's degree in Computer Science, Information Security, Engineering, or related field
  • Security certifications such as CISSP, CISM, CEH, or cloud security certifications preferred
  • Experience with SIEM tools and security monitoring platforms
  • Knowledge of network security concepts and tools including IDS/IPS systems