DevOps Engineer (DevSecOps)

CrimsonLogic • Contract • Singapore, SG • 2w ago

Our Employee Value Proposition

Advancing our People.

Advancing our World.

At CrimsonLogic, we put your Career and Well-being first.

We are committed to advancing your career through a full spectrum of professional Development programs with the support of a strong Total Rewards philosophy that focus on your well-being.

We believe that by investing in each and every one of our employees’ professional and personal growth, we can collectively make a positive impact on the world as we strive for greatness together in a nurturing and inclusive workplace.

Role Purpose(s)

As the DevOps Engineer (DevSecOps), you will lead and embed security-first practices across CI/CD, cloud infrastructure, and runtime environments.

Job Responsibilities & Duties

DevSecOps / Security Enablement

● Embed security controls in CI/CD pipelines (e.g., SAST, DAST, dependency checks, container scans).

● Automate enforcement of security policies (e.g., secret detection, SBOM generation, license policy gates).

● Collaborate with DOE Lead and CISO to implement compliance controls (NIST, GovTech standards).

● Integrate tools like SonarQube, Trivy, Snyk, Checkov, or custom scanners into pipelines.

● Maintain infrastructure hardening and secure baseline templates (e.g., CIS benchmarks, AMI/Container baselines).

● Co-own audit and logging configurations (e.g., CloudTrail, Security Hub, WAF logs, GuardDuty alerts).

Cloud Infrastructure & CICD Operations

● Maintain and improve secure, automated CICD pipelines.

● Define IaC security validation steps (e.g., Terraform policy-as-code with OPA or Checkov).

● Implement backup, DR, and secrets management workflows in alignment with platform guardrails.

● Support runtime observability with secure logging and alerting pipelines (e.g., ELK/Opensearch, Prometheus, Grafana).

Day 2 Operations Collaboration

● Support vulnerability triage and incident response processes.

● Maintain operational runbooks with security context for SRE rotations.

● Contribute to secure service rollout (mTLS, ALB/NLB policies, header validations, etc.).

● Collaborate to address hardening gaps in Day 2 operations.

Key Job Competencies

Results Oriented
Interpersonal Savvy
Organisational Awareness
Decision Quality

Education Requirements

Bachelor’s degree in Computer Science, Information Technology, Software Engineering, or a related field is required.

Working Experience Requirements

4–6 years of combined DevOps/Security Engineering experience.

Skills Required

● Hands-on experience in securing AWS cloud infrastructure (IAM, KMS, GuardDuty, WAF).

● Hands-on experience in commercial security tools (Next GEN Firewalls, Database Activity Monitoring).

● Proven experience integrating security checks into GitOps / CI pipelines (e.g., GitLab CI, GitHub Actions, Jenkins).

● Solid experience with container security: Docker image scanning, Kubernetes RBAC, admission controllers.

● Proficiency in scripting (Bash, Python, or similar) for automation.

● Familiarity with compliance requirements: NIST 800‑53, CIS benchmarks.

● Strong diagnostic skills, especially in cloud networking, TLS configurations, and log analysis.

● Experience with IaC (Terraform/Helm), GitOps, and configuration management.

● Bonus: Experience conducting or responding to security audits or VAPT findings.

CrimsonLogic is proud to be an equal opportunity employer. We hire talented and passionate people of all backgrounds and create an inclusive workplace for all employees to develop and build their career with us.