DevSecOps Engineer
Singapore, Central Singapore, Singapore
Sopra Steria
Sopra Steria, a European Tech leader recognised for its consulting, digital services and software development, helps its clients drive their digital transformation to obtain tangible and sustainable benefits.Company:
Sopra Steria is a listed European tech leader specializes in Consulting, Digital Service, and Software. We have 60,000 employees worldwide located in different regions (Europe, North America and Asia), whereby Singapore is the HQ for APAC. EvaGroup Asia Pacific is part of Sopra Steria I2S APAC, in charge of Infrastructure, Cloud and Cybersecurity services.
Description:
In this role, you will join a team of six members from Sopra Steria to support one of our government project. The scope of work includes:
- Security Risk Assessment
- Security Policies, Standards, Guidelines, And Procedures Review
- Security Design
- Application Security
- Vulnerability assessment and
- System Security Acceptance Testing
Responsibilities:
- Integrate security into the CI/CD pipeline, ensuring security controls and best practices are embedded from the early stages of development.
- Conduct security risk assessment for Applications, including Mobile Application, and Web Application.
- Develop, document, and enforce security policies, standards, and procedures for application development and deployment.
- Guide application project teams to perform AppSec assessments using a combination of threat modelling, code scanning, vulnerability research, application security testing and recommend treatment/mitigation measures and action to be taken.
- Review and recommend security testing tools, such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Vulnerability Assessment and Penetration Testing (VAPT) .
- Apply secure coding techniques to review and assess vulnerabilities on systems developed using popular web/mobile programming languages, such as HTML, JavaScript, Node.js, Angular, ASP.NET, C#, Java, PHP, Python and Ruby.
Requirements
- At least 3 years of experience in DevSecOps, Application security, or cloud computing (eg: AWS)
- Experience working with mobile and web application programming interfaces (API) architecture
- Demonstrate knowledge in industry security best practices such as OWASP Top 10, OWASP application security verification standard
- Familiar with Agile Development process, CI/CD, DevOps concepts, tools (Git, Gitlab, Github, Jenkins, Anslbe etc)
- Good verbal/written communications skills and experience interacting with various stakeholders
- Strong problem-solving and troubleshooting skills
Benefits
- Regular team buildings
- 18 leave days / year
- HSBC Insurance, GP, Dental, Optical
- Annual bonus
- Working hours: from 9am to 6pm, Monday to Friday
- Training and certifications paths
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile APIs Application security ASP.NET AWS C CI/CD Cloud DAST DevOps DevSecOps GitHub GitLab Java JavaScript Jenkins Node.js OWASP Pentesting PHP Python Risk assessment Ruby SAST Vulnerabilities
Perks/benefits: Salary bonus
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.