This person will be leading the function and resources of DevSecOps team. The key responsibility of the role is to support application development & QA, manage deployments, security and maintenance, including day-to-day relationship management with stakeholders, problem and incident management.
Responsibility:
* Deliver security tools that enable DevSecOps with a high capability of monitoring and reporting. Prioritise security functionalities and maximize automation into CI/CD pipeline efficiently and effectively.
* Work with business and IT stakeholders to design, implement and update security tools or controls, classify and prioritise risks, and guide relevant stakeholders to ensure that systems and services that are either developed in-house or acquired commercially are secured against known attack vectors and prevalent threats.
* Support SIEM integration for critical business systems.
* Conduct technical study of IS initiatives and provide technical suggestion and recommendation in design, development and system integration. Support security testing and maintain throughout the SDLC lifecycle.
Qualification:
- Min 8 years' experience working in technical IT roles, with at least 3 years' hands-on experience in enterprise security infrastructure, IS risk assessments or testing
- In-depth experience and expertise in relevant technologies and practices to setup and operate effective and efficient large scale DevSecOps platform
- Good foundation and in-depth expertise in Jenkins, Docker, Kubernetes (or similar cluster management), Java, Python, Ruby, Perl, Scripting YAML, SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), Terraform, IAM solutions
- Hands-on experience in at least two or more infrastructure setup in AWS, Google Cloud Platform, or on-premise Data Centre.
- Good understanding of Cloud technologies, agile application development, application security, site reliability engineering, and compliance requirements in financial industry