Job Description
Are you a highly motivated and experienced DevSecOps Engineer looking to make a significant impact on critical national infrastructure? BGC Group is actively seeking a talented individual to join our dedicated team working on a high-profile Government Project in the Central Region, Singapore. This is an unparalleled opportunity to leverage your expertise in a challenging yet rewarding environment, driving digital transformation and ensuring the highest standards of security for public sector platforms.
In this crucial role, you will be at the forefront of integrating security into every phase of the software development lifecycle. You will be responsible for designing, implementing, and managing robust DevSecOps pipelines, automating security controls, and ensuring continuous compliance with stringent government regulations and industry best practices. Your mission will be to embed a 'security-first' mindset, proactively identifying and mitigating risks while accelerating secure software delivery.
You will play a key part in improving our digital platform capabilities, providing expert technical advisory, and championing best practices in cybersecurity. If you possess a deep understanding of cloud security, infrastructure as code, CI/CD automation, and vulnerability management, and are eager to contribute to projects that directly impact the lives of citizens, we encourage you to apply. Join us and help build a more secure and resilient digital future for Singapore.
Responsibilities
- Design, implement, and maintain secure CI/CD pipelines, embedding automated security testing tools (SAST, DAST, SCA) at every stage.
- Collaborate with development and operations teams to integrate security controls, best practices, and threat modeling into the software development lifecycle.
- Ensure compliance with government cybersecurity policies, regulations, and industry standards, conducting regular security audits and assessments.
- Manage and enhance security tools and platforms, including vulnerability scanners, SIEM, and cloud security posture management (CSPM) solutions.
- Develop and maintain infrastructure as code (IaC) templates with security best practices for cloud and on-premise environments.
- Provide technical advisory and mentorship on DevSecOps principles, secure coding practices, and emerging cybersecurity threats.
- Lead incident response efforts related to security breaches in development and production environments.
- Drive continuous improvement in security posture through regular reviews, process enhancements, and adoption of new technologies.
Qualifications
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Minimum of 5-8 years of experience in DevSecOps, Cybersecurity, or Software Engineering with a strong focus on security.
- Proven experience with cloud platforms (e.g., AWS, Azure, GCP) and containerization technologies (Docker, Kubernetes).
- Proficiency in scripting languages (e.g., Python, Bash) and experience with IaC tools (e.g., Terraform, Ansible).
- Hands-on experience with CI/CD tools (e.g., Jenkins, GitLab CI, Azure DevOps) and integrating security tooling within pipelines.
- Solid understanding of network security, application security, identity and access management (IAM), and data protection principles.
- Familiarity with government security standards and compliance frameworks is highly advantageous.
- Relevant certifications such as CISSP, CSSLP, AWS Security Specialty, Azure Security Engineer Associate are a strong plus.