S

DevSecOps Engineer

Sopra Steria I2S
Full-time
On-site
Singapore, Central Singapore, Singapore
Description

Company:

Sopra Steria is a listed European tech leader specializes in Consulting, Digital Service, and Software. We have 60,000 employees worldwide located in different regions (Europe, North America and Asia), whereby Singapore is the HQ for APAC. EvaGroup Asia Pacific is part of Sopra Steria I2S APAC, in charge of Infrastructure, Cloud and Cybersecurity services.

Description:

In this role, you will join a team of six members from Sopra Steria to support one of our government project. The scope of work includes:

  1. Security Risk Assessment
  2. Security Policies, Standards, Guidelines, And Procedures Review
  3. Security Design
  4. Application Security
  5. Vulnerability assessment and
  6. System Security Acceptance Testing

Responsibilities:

  • Integrate security into the CI/CD pipeline, ensuring security controls and best practices are embedded from the early stages of development.
  • Conduct security risk assessment for Applications, including Mobile Application, and Web Application.
  • Develop, document, and enforce security policies, standards, and procedures for application development and deployment.
  • Guide application project teams to perform AppSec assessments using a combination of threat modelling, code scanning, vulnerability research, application security testing and recommend treatment/mitigation measures and action to be taken.
  • Review and recommend security testing tools, such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Vulnerability Assessment and Penetration Testing (VAPT) .
  • Apply secure coding techniques to review and assess vulnerabilities on systems developed using popular web/mobile programming languages, such as HTML, JavaScript, Node.js, Angular, ASP.NET, C#, Java, PHP, Python and Ruby.




Requirements
  • At least 3 years of experience in DevSecOps, Application security, or cloud computing (eg: AWS)
  • Experience working with mobile and web application programming interfaces (API) architecture
  • Demonstrate knowledge in industry security best practices such as OWASP Top 10, OWASP application security verification standard
  • Familiar with Agile Development process, CI/CD, DevOps concepts, tools (Git, Gitlab, Github, Jenkins, Anslbe etc)
  • Good verbal/written communications skills and experience interacting with various stakeholders
  • Strong problem-solving and troubleshooting skills


Benefits
  • Regular team buildings
  • 18 leave days / year
  • HSBC Insurance, GP, Dental, Optical
  • Annual bonus
  • Working hours: from 9am to 6pm, Monday to Friday
  • Training and certifications paths