DevSecOps Engineer

Vinova · Singapore

Sector
AI
Function
Product & Engineering
Level
Mid-Level
Employment type
Contract
Posted
2026-07-07
Source
mycareersfuture

Position OverviewWe are seeking an experienced DevSecOps with Observability Engineer to join our teamand drive the implementation of secure, scalable, and comprehensively observablecloud infrastructure. The successful candidate will be responsible for building andmaintaining CI/CD pipelines, implementing security controls throughout thedevelopment lifecycle, and establishing enterprise-grade observability practices thatprovide deep insights into system performance, security posture, and operationalhealth across our entire technology stack.Key ResponsibilitiesInfrastructure & Cloud Management Design, implement, and maintain cloudinfrastructure on AWS using Infrastructure as Code principles. Manage containerisedapplications using Amazon EKS and ensure optimal performance, security, and costefficiency. Collaborate with development teams to architect scalable solutions thatmeet both functional and non-functional requirements whilst embedding observabilityfrom the ground up.Security Controls Implementation Implement and maintain security controlsthroughout the development lifecycle, from code commit to production deployment.Integrate automated security testing, static and dynamic code analysis, andvulnerability scanning into CI/CD pipelines. Establish security gates and approvalprocesses that prevent vulnerable code from reaching production environments.Develop and enforce security policies for container images, infrastructureconfigurations, and application deployments with comprehensive securityobservability.Advanced Monitoring & Observability Design and implement enterprise-gradeobservability solutions using ELK Stack or Prometheus-Grafana to providecomprehensive insights into system performance, security events, and operationalhealth. Architect distributed tracing solutions using OpenTelemetry to monitorapplication performance across complex microservices architectures and troubleshootissues with precision. Create sophisticated dashboards, alerts, and reportingmechanisms that provide actionable insights to stakeholders whilst ensuring securityevents, performance anomalies, and operational issues are proactively identified andinvestigated. Implement observability-driven incident response and post-mortemprocesses.CI/CD Pipeline Management Build, maintain, and optimise CI/CD pipelines usingGitLab Runners to enable rapid, reliable, and secure software delivery. Embed securitycontrols and observability instrumentation at every stage of the pipeline including pre-commit hooks, automated security testing, compliance checks, and deploymentvalidation. Implement automated testing, security scanning, and deploymentprocesses that support continuous integration and deployment practices whilstmaintaining zero-trust security principles and comprehensive pipeline observability.Infrastructure as Code & Policy as Code Implementation Leverage Infrastructure asCode tools, particularly Terraform, to automate infrastructure provisioning andmanagement with built-in security controls, compliance checks, and observabilityinstrumentation. Implement Policy as Code frameworks to codify governance,compliance, and security policies that are automatically enforced across allinfrastructure deployments. Develop custom automation scripts and tools tostreamline operational processes whilst ensuring security standards and observabilityrequirements are maintained. Integrate and utilise GenAI-based coding agents toenhance development productivity and code quality, implementing appropriate securityguardrails and observability for AI-assisted development.Observability Strategy & Implementation Develop and execute comprehensiveobservability strategies that encompass metrics, logs, traces, and events across theentire application and infrastructure stack. Implement service level objectives (SLOs)and service level indicators (SLIs) to measure and improve system reliability. Design andmaintain observability platforms that support real-time monitoring, historical analysis,and predictive insights for both operational and security use cases.Essential RequirementsTechnical Skills• Extensive experience with AWS cloud services and architecture patterns• Strong proficiency in Terraform for Infrastructure as Code implementation,including advanced features such as modules, workspaces, and statemanagement• Deep hands-on experience with ELK Stack (Elasticsearch, Logstash, Kibana) orGrafana for monitoring, visualisation, and observability• Strong knowledge of Amazon EKS and container orchestration with observabilitybest practices• Advanced experience implementing observability solutions and distributedtracing with OpenTelemetry across complex distributed systems• Proficiency with GitLab or GitHub for version control and CI/CD pipelinemanagement• Experience with GenAI-based coding agents and AI-assisted development toolsObservability Expertise• Proven experience designing and implementing comprehensive observabilitystrategies for large-scale distributed systems• Deep understanding of the three pillars of observability: metrics, logs, andtraces, and their integration• Experience with observability tools such as Prometheus, Splunk, or commercialAPM solutions• Knowledge of observability data correlation, anomaly detection, and automatedalerting strategies• Understanding of observability-driven development and operational practicesSecurity & Compliance• Strong understanding of DevSecOps principles and implementing securitycontrols throughout the development lifecycle using Infrastructure as Code andPolicy as Code methodologies• Experience with security scanning tools, SAST/DAST solutions, and vulnerabilitymanagement integrated into IaC workflows and automated through policyenforcement• Knowledge of compliance frameworks, security standards, and regulatoryrequirements codified and enforced through Policy as Code implementations• Understanding of network security, identity and access management, and dataprotection defined and managed through Infrastructure as Code templates andpolicy definitions• Experience with security orchestration and incident response proceduresautomated and standardised through Infrastructure as Code and Policy as CodeframeworksProfessional Experience• Minimum 5 years of experience in DevOps, SRE, or similar roles with security andobservability focus• Minimum 2 years of hands-on Terraform experience in production environments• Proven track record of implementing and managing secure cloud infrastructureat scale with comprehensive observability• Experience working in agile development environments with security integrationand observability practices• Strong problem-solving skills and ability to work under pressure whilstmaintaining security standards and observability requirementsPreferred Qualifications• AWS certifications (Solutions Architect, DevOps Engineer, or Security Specialty)• HashiCorp Certified: Terraform Associate or Professional certification• Observability and monitoring certifications or demonstrable experience• Experience with Terraform Enterprise or Terraform Cloud• Experience with additional monitoring tools, APM solutions, and observabilityplatforms• Experience with policy-as-code and governance automation using tools likeSentinel or Open Policy Agent• Background in software development with understanding of secure codingpractices and observability instrumentationWhat We Offer• Opportunity to work with cutting-edge technologies, security tools, andobservability platforms• Collaborative environment with opportunities for professional growth in securityand observability• Continuous learning and development opportunities in emerging security andobservability technologiesThis role offers the opportunity to shape our DevSecOps and observability practices,contributing to building robust, secure, and comprehensively observable systems thatprotect our organisation's assets whilst enabling rapid and reliable software deliverythrough advanced Infrastructure as Code, Policy as Code, and observability practices

Apply on mycareersfuture →
AI Security Controls Terraform Technical Skills Infrastructure as Code (IaC) Container Orchestration EC2 Cloud Infrastructure