DevSecOps Engineer

About the Company

Our client has built an advanced digital lending platform, driven by data but powered by people. They combine a genuine understanding of on-the-ground realities with leading-edge innovation to create meaningful, practical and first-to-market financial solutions.

About the Role

As a DevSecOps Engineer, you will play a crucial role in ensuring the security, reliability, and efficiency of our software development and delivery processes. You will work closely with our development, quality assurance, operations, and security teams to integrate security practices seamlessly into our DevOps pipeline.

Responsibilities

Design and Implement Secure DevOps Practices: Collaborate with development and operations teams to design, implement, and maintain secure DevOps practices and processes

Continuous Integration/Continuous Deployment (CI/CD): Develop and maintain CI/CD pipelines to automate software build, test, and deployment processes while integrating security controls at each stage

Security Tooling Integration: Integrate security tools and technologies into the CI/CD pipeline to automate security testing, vulnerability scanning, and compliance checks

Infrastructure as Code (IaC): Implement infrastructure as code practices using tools like Terraform/Terragrunt to automate the provisioning and management of infrastructure resources securely

Security Testing and Auditing: Conduct security testing, code reviews, and audits to identify and remediate security vulnerabilities in applications, infrastructure, and configuration

Incident Response and Monitoring: Develop and maintain monitoring and incident response processes to detect and respond to security incidents in a timely manner

Security Compliance: Ensure compliance with relevant security standards, regulations, and best practices (e.g., ISO 27001, SOC) by implementing appropriate security controls and measures

Security Awareness and Training: Provide guidance and training to development and operations teams on secure coding practices, DevSecOps principles, and emerging security threats

Documentation and Reporting: Document security processes, procedures, and configurations, and generate reports on security metrics, compliance status, and incidents

System Availability Monitoring and Reporting: Implement automated tools and processes to monitor the availability and performance of systems, applications, and infrastructure. Generate reports on system uptime, response times, and other key performance indicators to ensure reliability and scalability. Collaborate with the operations team to proactively address any issues and optimize system performance

Stay Updated: Stay abreast of the latest security trends, vulnerabilities, and best practices in DevSecOps and proactively recommend and implement improvements

Qualifications

• Bachelors degree in Computer Science, Information Security, or related field

• Up to 3-year work experience in DevOps, Security, SRE, or related fields is preferred

• Familiarity with public cloud, must have AWS and Google Cloud Platform experience

• Programming knowledge in NodeJS, Python, Shell, or similar technology

• Experience with containerized technologies including Docker (must-have) and Kubernates (nice-to-have)

• Strong understanding of DevOps principles and practices

• Familiarity with security testing tools and techniques

Benefits

• Social Security

• Group Insurance (Health, Life, Accident)

• Provident Fund (6% of monthly salary)

• Variable Bonus (Average 3 months)

• Annual Leave (15 days/year)

• Individual Development Program (IDP)

• Online Psychologist

• Massage Service, Free Lunch and Snack (every Tuesday)

• Car Parking

• Outing and other activities

• Hybrid Work (1 day work from office -Tuesday)

Working Condition

• This is a full-time position based at office in Bangkok, Thailand

• Regular office hours are Monday to Friday