DevSecOps Engineer
Ho Chi Minh City, Ho Chi Minh City, Vietnam
Location: Ho Chi Minh City,Ho Chi Minh City,Vietnam
As a DevSecOps Engineer at TrustingSocial, you will play a crucial role in implementing and operating security tools and standards across our infrastructure. Your responsibilities will extend to managing core infrastructures, executing continuous integration and deployment pipelines, and operating a variety of security stacks. DevSecOps team's role is essential in maintaining a proactive security culture and reducing the risk of security incidents while ensuring the smooth operation of development and operational activities. This role requires a high level of technical expertise, familiarity with security best practices, and standards compliance.
Responsibilities
- Security Integration: Deploy and operate various security applications, and security solutions such as WAF, PAM, Cloud Workload Security, GitHub Action, GitHub Advanced Security, GCP Security Command Center, Azure Sentinel, and AWS Security Stack
- Vulnerability Management: Conduct regular vulnerability assessments and manage patching of CVEs (Common Vulnerabilities and Exposures)
- Infrastructure Sharing and CI/CD: Manage central infrastructure sharing systems and establish continuous integration/continuous deployment & security protocols
- Identity and Access Management (IAM): Develop and manage IAM roles using Terraform to control user access, assign permissions, and audit system users effectively
- Security Log & Monitoring such as SIEM: Streamline logs and build a robust, centralized SIEM log system, sending alerts across various SOC channels
- Cloud System Management: Manage multi-cloud accounts on Google Cloud, AWS, and Azure using Privileged Identity Management (PIM) solutions
- Security Standardization: Drive standardization of security domains for the DevSecOps team and ensure adherence to security best practices and regulations, including ISO 27001 and PCI DSS standards
- Automated Tools Development: Develop automated tools for gathering billing data and assessing cloud and on-premise assets
- Regular Scanning and Reporting: Conduct regular security scans and send weekly and monthly reports to the GRC teams for ticketing and issue resolution
- Incident Response: Participate in the incident response team, ready to swiftly address and mitigate any security incidents
- Collaboration: Collaborate with other teams, ensuring security measures are integrated into their workflows and addressing any security-related issues
Requirements
- Degree: A minimum of a Bachelor's degree in Information Technology, Computer Engineering, Cybersecurity, or a related field
- Experience: At least 1–2 years of experience working in related fields, such as software development, systems management, or network security
- Programming Skills: Proficiency in at least one programming language such as Python, Ruby, Java, or Go
- Understanding of DevOps and related tools: Knowledge of DevOps tools and methodologies like CI/CD, Jenkins, Docker, Kubernetes, etc
- Communication Skills: Ability to communicate effectively, work in a team, and solve problems
- Proficiency with security tools like WAF Cloudflare, Teleports, Datadog Cloud Workload Security, GitHub, GitHub Advanced Security, GCP Security Command Center, Azure Sentinel, and AWS Security Stack
- Familiarity with cloud platforms such as Google Cloud, AWS, and Azure, and PIM, Terraform Automation solutions
- Knowledge of security central management and SIEM systems
- Strong written and verbal communication skills in English
- Preferred Qualifications:
- Experience in a similar DevSecOps role, preferably in a large-scale environment
- Experience with incident response and handling security incidents
- Thorough understanding and experience with ISO 27001 and PCI DSS standards
- Experience in developing automated tools for data collection and asset assessment
- Proven experience in conducting security scans and creating comprehensive reports
What we offer
Join our team and enjoy:- Competitive compensation package, including 13th-month salary and performance bonuses
- Comprehensive health care coverage for you and your dependents
- Generous leave policies, including annual leave, sick leave, and flexible work hours
- Convenient central district 1 office location, next to a future metro station
- Onsite lunch with multiple options, including vegetarian
- Grab for work allowance and fully equipped workstations
- Fun and engaging team building activities, sponsored sports clubs, and happy hour every Thursday
- Unlimited free coffee, tea, snacks, and fruit to keep you energized
- An opportunity to make a social impact by helping to democratize credit access in emerging markets
About us
We are an AI Fintech company specializing in assessing credit profiles of consumers in emerging markets combining pioneering AI with large alternative data sources. In 2020 we reached our ambitious milestone of credit profiling 1bn consumers spanning 4 countries - Vietnam, Indonesia, India & the Philippines - and building a platform for the wider industry and the financial services industry in particular to provide the 'un & under' served access to credit. At the core of this initiative has been our strict and unwavering adherence to the norms of consumer data privacy and consumer data rights.
But we're not satisfied as we embark on the next leg of our journey to deliver 100 million credit lines to consumers in the markets where we operate. Although this goal is ambitious, we truly believe that by harnessing the power of AI & Big Data we can deliver financial access at unprecedented scale.
As a firm, we're audacious problem solvers motivated by our impact on society. We deeply espouse the values of ownership - of our actions and initiatives, integrity in all we do and agility in execution.
We place great importance on doing what is right, what is best and what is innovative. And we are seeking people to champion these values and beliefs as we grow. If you are smart, driven and want to make a difference in the world with the most advanced and fascinating technology, come join our team. We can satisfy your desire to explore new territory and give you the runway to really make an impact.
Additional Info
Learn more about us here:
https://www.youtube.com/watch?v=inAEDGvOcL8&t=29s
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Automation AWS Azure Big Data CI/CD Cloud Cloudflare Compliance DevOps DevSecOps Docker FinTech GCP GitHub IAM Incident response ISO 27001 Java Kubernetes Monitoring Network security PCI DSS Privacy Python Ruby SIEM SOC Terraform Vulnerabilities Vulnerability management
Perks/benefits: Competitive pay Flex hours Health care Snacks / Drinks Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs