DevSecOps Engineer at FINNOMENA

Bangkok, , Thailand -

Full Time

Start Date

Immediate

Expiry Date

26 Apr, 26

Salary

0.0

Posted On

26 Jan, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

DevSecOps, Penetration Testing, CI/CD, Kubernetes, Docker, Secure Coding, Collaboration, Problem Solving

Industry

Financial Services

Description

Job Description About the Role: We're looking for a skilled and experienced DevSecOps Engineer to join our team and champion a culture of security excellence. You'll play a pivotal role in automating security testing, collaborating with developers to build secure code, and conducting penetration testing to identify and remediate vulnerabilities before they reach production. Responsibilities: Design, implement, and automate DevSecOps processes and tools within our CI/CD pipeline. Conduct penetration testing on applications, infrastructure, and APIs, identifying and documenting vulnerabilities. Collaborate with developers to understand their needs and integrate security best practices into the development process. Analyze security vulnerabilities, prioritize risks, and recommend mitigation strategies. Develop and maintain security documentation, including threat models and attack surface diagrams. Stay informed about the latest security trends and threats, keeping our team and organization proactive against evolving risks. Participate in security incident response and remediation efforts. Foster a culture of security awareness within the organization through education and training initiatives. Qualifications: Proven experience with penetration testing methodologies and tools (e.g., Metasploit, Burp Suite, Nmap, Zap, etc). 3+ years of experience as a DevSecOps Engineer or a related role. Strong understanding of DevSecOps principles and practices. Experience with CI/CD pipelines and automation tools (e.g., Jenkins, GitLab CI). Experience in Kubernetes (GKE, KUBECTL, HELM) and containers (Docker) Expertise in secure coding practices and application security frameworks. Good communication, collaboration, and problem-solving skills. Ability to work independently and as part of a cross-functional team. Bonus Points: Certification in penetration testing (e.g., OSCP, CEH, GPEN, Pentest+). Experience with Google Cloud platforms. What We Offer: The opportunity to work on cutting-edge technology and make a real impact on our organization's security posture. A collaborative and supportive work environment with a strong focus on learning and development. Hybrid working environment. Competitive compensation and benefits package. The chance to be part of a team that is passionate about security and innovation. If you're a DevSecOps Engineer with the skills and passion to take our security to the next level, we encourage you to apply!

Responsibilities

The DevSecOps Engineer will design, implement, and automate security processes within the CI/CD pipeline while conducting penetration testing to identify vulnerabilities. They will also collaborate with developers to integrate security best practices into the development process.