DevOps Specialist

Permanent with Nityo Infotech

Role - senior Security Engineer

Experience- 6-15 years

Location- Singapore

Looking For PR / Local Only

As a Senior Security Engineer, you will lead the security effort on client projects — guiding teams on secure architecture, code, and infrastructure. You will work hands-on with developers and DevOps engineers to integrate security into the delivery process, and also support enterprise security needs when clients require compliance with frameworks like ISO 27001 or CIS controls.

This role is for someone who can switch between technical depth and broader security governance ie. someone who knows how to secure real-world systems and can confidently speak to risk, compliance, and best practices with both internal teams and client stakeholders.

YOUR RESPONSIBILITIES:

• Act as the security lead on key software delivery projects
• Review application and infrastructure designs with a security lens
• Guide teams in applying secure development practices (OWASP Top 10, SAST, DAST, SCA, secrets management, etc.)
• Collaborate with DevOps/DevSecOps engineers to secure CI/CD pipelines and Infrastructure as Code
• Recommend and implement cloud security best practices (AWS, Azure, GCP)
• Support client discussions around enterprise security and compliance needs (e.g., ISO 27001, CIS benchmarks, shared responsibility models)
• Translate security requirements into clear, actionable guidance for delivery teams
• Document risk assessments, mitigation strategies, and architecture decisions
• Contribute to internal knowledge sharing, playbooks, and upskilling the team

WHO YOU ARE:

• You have 5–10 years of experience in security engineering, DevSecOps, or secure cloud architecture
• You’re hands-on with modern application stacks and cloud-native infrastructure
• You’re experienced with tools like SonarQube, Checkmarx, Snyk, GitHub Advanced Security, etc.
• You know your way around cloud security services (e.g., IAM, GuardDuty, Configure , WAF, etc.) on AWS, Azure, or GCP.
• You’re confident engaging with clients on both technical implementation and enterprise security expectations
• You’re familiar with security frameworks like ISO 27001, CIS controls, and data protection principles
• You’re comfortable with documentation and policy reviews when needed (without being "just governance")
• You have strong communication skills and can tailor your message to devsops, or business folks
• CISSP or similar certifications are a plus
• We will be prioritizing applicants who have a current right to work in Singapore, and do not require sponsorship of a visa.

Good To have:

• We need someone who has experience with Enterprise security, experience leading or implementing Secure SDLC Practices.
• Familiar with OWASP, SAST, DAST etc, need to know about ISO27001, CIS Benchmarks.
• Working knowledge of cloud platform - AWS/Azure/GCP and DevOps.