DevSecOps Engineer

What You'll Do:

• Serve as a key technical advisor for the DevSecOps strategy for the engineering teams.
• Lead the planning and implementation of a comprehensive DevSecOps roadmap to our security posture.
• Foster a culture of security as a shared responsibility across all engineering teams.
• Mentor and coach engineers on secure coding practices, threat modeling, and vulnerability management.
• Design, build, and maintain secure CI/CD pipelines, embedding security controls throughout the SDLC.
• Lead technical implementation workstreams and mentor engineers on advanced security concepts.
• Partner with development teams to embed security into engineering culture and processes.
• Influence without direct authority, driving adoption of secure development practices across teams.
• Develop and implement automation for security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
• Write secure, scalable, and maintainable code inlanguages such as Python, Go, or Java to build automation tools and security solutions.
• Manage and secure infrastructure using Infrastructure as Code (IaC) tools like Terraform or CloudFormation.
• Conduct threat modeling and risk assessments for new and existing applications.
• Establish and manage a robust vulnerability management program, prioritizing and tracking the remediation of security findings.
• Collaborate with engineering teams to integrate security controls into application architectures and designs.
• Act as the primary point of contact for all security-related matters within the engineering organization.
• Communicate complex cybersecurity concepts and risks to technical and non-technical stakeholders, including senior leadership.
• Influence and drive consensus on security priorities and investments.
• Prepare and present reports on the health of the DevSecOps program, including key metrics and KPIs.
• Communicate a clear technical vision to executive leadership and cross-functional stakeholders.
• Champion a security-first mindset while enabling rapid innovation and delivery.

What You'll Need:

• Minimum of 5-7 years of experience in software engineering, DevOps, or a related technical role, with a focus on cybersecurity.
• Proven experience in a lead or senior-level role, with a track record of driving large-scale security initiatives.
• Demonstrated hands-on experience in building and securing CI/CD pipelines and cloudnative applications.
• Experience working in a hybrid agile & waterfall environment and a deep understanding of the software development lifecycle (SDLC).
• Proficiency in at least one major programming (e.g., Python, Go, Java, or similar).
• Expertise in CI/CD platforms such as Jenkins, or GitHub Actions.
• knowledge of cloud platforms (Azure, AWS or GCP) and their security services.
• Hands-on experience with containerization and orchestration technologies like Docker and Kubernetes.
• Deep understanding of security tools and practices, including SAST, DAST, SCA, secrets management & scanning.
• Familiarity with security frameworks and standards (e.g., OWASP Top 10, NIST, ISO 27001).
• Proficiency with Infrastructure as Code (IaC) tools (e.g., Terraform).
• Exceptional communication and presentation skills.
• leadership and mentoring abilities.
• Excellent problem-solving and critical-thinking skills.
• Proven ability to influence and collaborate with cross-functional teams and senior management.
• High degree of adaptability and a continuous learning mindset.
• Certified Information Systems Security Professional (CISSP) is a plus.
• Certified DevSecOps Professional (CDP) is a plus.
• Azure/AWS Certified Security - Specialty or other cloud-specific security certifications are a plus.
• GIAC certifications (e.g., GCSA, GWEB) are a plus.
  

Goel Navneet License No.: 02C3423 Personnel Registration No.: R1982194

Please note that your response to this advertisement and communications with us pursuant to this advertisement will constitute informed consent to the collection, use and/or disclosure of personal data by ManpowerGroup Singapore for the purpose of carrying out its business, in compliance with the relevant provisions of the Personal Data Protection Act 2012. To learn more about ManpowerGroup's Global Privacy Policy, please visit https://www.manpower.com.sg/privacy-notice.