View All Jobs 156102

Devsecops Specialist, Technology Information Security Office - Remote Eligible

Develop automated security validation processes for banking DevSecOps pipelines
Singapore
Senior
yesterday
OCBC

OCBC

A leading Singaporean bank offering a range of financial services, including retail, business, and corporate banking in Asia-Pacific.
28 Similar Jobs at OCBC

Cyber Engineering - Risk

As Singapore's longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires.

Today, we're on a journey of transformation. Leveraging technology and creativity to become a future-ready learning organisation. But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia's leading financial services partner for a sustainable future. We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career.

Your Opportunity Starts Here.

Protecting our customers' assets and data is at the heart of everything we do at OCBC. As a Cyber Engineering - Risk professional, you'll play a critical role in safeguarding our systems and networks from cyber threats. You'll be part of a team that's shaping the future of cybersecurity in the financial industry. To succeed in this role, you'll need to stay one step ahead of emerging threats. You'll work closely with our engineering teams to identify and mitigate risks, and develop strategies to protect our systems and data. You'll need to be proactive, collaborative, and always looking for ways to improve our cybersecurity posture.

To do your job, you'll:

  • Evaluate and analyse threat, vulnerability, impact, and risk of security issues discovered from various DevSecOps tools.
  • Advise and collaborate with DevOps teams, developers, application, and project teams on the security issues.
  • Develop and design DevSecOps metrics, policies, processes, and procedures.
  • Provide training to developers and other stakeholders on the usage of the tools.
  • Assist with implementing and designing automated security checks and additional security tools within the CI/CD pipelines.
  • Review and triage vulnerabilities discovered by automated security tools.
  • Have proficient understanding of programming languages.
  • Be proficient in scripting to support the automation and continuous improvement of processes.
  • Have knowledge in build/release tools and methodologies in CI/CD pipelines.
  • Conduct POCs and work with vendors for DevSecOps tools.
  • Liaise with external vendors and oversee the resolution of incidents and technical issues related to the security tools.
  • Effectively communicate and manage expectations of various stakeholders.
  • Keep abreast of the latest industry trends in security and DevSecOps processes and make continuous recommendations for improvement.

Who you are:

  • Minimum 5 years of cyber security experience.
  • Sound technical background of working with SAST, SCA, DAST, IAST and other vulnerability scanning tools.
  • Prior experience in performing secure code reviews, web and mobile application penetration tests.
  • Solid understanding of full DevSecOps pipeline, Agile methodology, cloud security, APIs and microservices.
  • Deep knowledge of container security and related vulnerabilities.
  • Knowledge in IaC security. Automate security validation in CI/CD pipeline for IaC deployments.
  • Capable of working with various CI/CD tools.
  • Analytical thinker with excellent communication skills.
  • A recognized university degree in Computer Science, Computer/Electrical Engineering, Information Technology or equivalent.
  • Familiarity of MAS TRMG, PCI-DSS and other regulatory/industries requirements.
  • Possesses certifications in cyber security field such as GWAPT, OSCP, CISSP etc.
  • Experience working in DevSecOps for Banks in Singapore will be highly preferred.
  • Good communication (spoken and written) skills, able to work independently and as a team.

As Singapore's longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires. Today, we're on a journey of transformation. Leveraging technology and creativity to become a future-ready learning organisation. But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia's leading financial services partner for a sustainable future. We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career.

What we offer:

Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry-leading learning and professional development opportunities. Your wellbeing, growth and aspirations are every bit as cared for as the needs of our customers.

+ Show Original Job Post
Suggest a correction
























Devsecops Specialist, Technology Information Security Office - Remote Eligible
Singapore
Operations
Apply to job
About OCBC
A leading Singaporean bank offering a range of financial services, including retail, business, and corporate banking in Asia-Pacific.