Remote role (Work from home)
Singapore client
Offshore role
Working hours and public holidays as per Singapore
1 yr Renewable contract
We are seeking a highly skilled and passionate DevSecOps Engineer to champion the integration of security at every stage of the Software Development Lifecycle (SDLC). This role sits within our Cloud / Platform Engineering team, acting as a bridge between development, operations, and security to deliver secure, scalable, and high-performing cloud platforms.
The ideal candidate is not just a security specialist or an operations engineer, but a hands-on engineer who knows how to embed security into fast-paced, agile delivery pipelines without compromising developer productivity or delivery velocity.
Key Responsibilities
Security Champion & Culture
- Advocate and educate development teams on secure coding practices, threat modeling, and security-by-design principles.
- Promote a security as a shared responsibility culture across engineering teams.
- Lead security reviews, architecture assessments, and threat modeling sessions for new features and platforms.
Secure CI/CD Pipeline Management
- Design, implement, and maintain secure CI/CD pipelines with automated security gates.
- Integrate SAST, SCA, and vulnerability scanning tools such as SonarQube, Nexus IQ, Tenable, and similar solutions.
- Implement policy-as-code and automated compliance validation using Open Policy Agent (OPA).
Container & Kubernetes Security
- Secure containerized workloads using Docker, Kubernetes, and Amazon EKS.
- Enforce Kubernetes best practices including network policies, pod security standards, admission controllers, and runtime security.
- Manage container image scanning and vulnerability remediation throughout the development lifecycle.
Automation, CI/CD & Release Management
- Own the end-to-end CI/CD strategy, building and optimizing pipelines to support reliable, automated deployments from commit to production.
- Design and implement monitoring, logging, and alerting solutions to ensure availability and performance.
- Define and report on SLOs and SLIs.
- Build and manage release workflows using Jira, integrating tools such as CodeCommit, Jenkins, SonarQube, Nexus IQ, Nexus Repository, Ansible, and AWS.
Operational Excellence & Enablement
- Identify and eliminate operational toil through automation, including provisioning, configuration management, and operational runbooks.
- Collaborate with security teams to implement secrets management (Vault), compliance controls, and shift-left security practices.
- Troubleshoot complex CI/CD, infrastructure, and security issues; perform root cause analysis (RCA) and standardize resolution processes.
Leadership & Mentorship
- Provide technical guidance and mentorship to engineers across Dev, Ops, and Platform teams.
- Conduct knowledge-sharing sessions and promote DevSecOps best practices across the organization.
Required Qualifications
Education & Experience
- Bachelor's degree in Computer Science, Information Security, or a related field (Master's degree or certifications are a plus).
- 5+ years of DevSecOps experience, with 5+ years of hands-on Jenkins pipeline development and security scanning integration.
- Proven experience managing both development and operations automation in production environments.
Technical Skills
- Strong expertise in Jenkins pipeline development (Groovy) and CI/CD onboarding.
- Experience with build and orchestration tools such as Maven, Jenkins, and CloudBees.
- Strong hands-on knowledge of:
- SAST: SonarQube
- SCA: Nexus IQ, Nexus Lifecycle, Nexus Firewall
- Artifact repositories: Sonatype Nexus or JFrog
- Strong experience with AWS cloud services, Docker, and Kubernetes (EKS).
- Solid knowledge of UNIX/Linux systems and shell scripting.
- Business-aware mindset with the ability to balance security, velocity, and developer experience.
Registration No. / Unique Entity Number: 199801439D
Disclaimer:The company is committed to ensuring the privacy and security of your information. By submitting this form, you consent to the collection, processing, and retention of the information you provide. The data collected (which may include your contact details, educational background, work experience and skills) will be used solely for the purpose of evaluating your qualifications for the position you're applying for. Your data will be stored securely and retained for the duration necessary to fulfill our hiring process. If you are not selected for the position, your data will be kept on file for a limited period in case future opportunities arise. You have the right to access, correct, or delete your data at any time by contacting us at Quess Singapore | A Leading Staffing Services Provider in Singapore (quesscorp.sg)
