Principal DevSecOps Engineer

Overview

Lead DevSecOps strategy, build secure platforms, guide security across engineering.

Key Responsibilities

• threat modeling
• design review
• security automation
• ci/cd security
• devsecops
• security platforms

Tasks

You will be part of the Digital Technology Team and together, you will innovate, create, and deploy digital products that will empower more than 3,800 employees within SP Group and improve the quality of life for more than 1.7 million commercial, industrial and residential customers that SP Group serves. We build solutions that enable sustainable high-quality lifestyles and help consumers save energy and cost, as well as supporting national goals for a sustainable liveable city. -Act as a hands-on architect, performing in-depth threat modeling, design reviews, and code reviews on mission-critical systems. -Bridge the gap between development, operations, and security teams by fostering collaboration, aligning priorities, and ensuring seamless integration of security practices across the SDLC. -Make strategic and technical decisions on cybersecurity priorities. -Represent the organization in external forums such as industry conferences, open-source communities, and in the broader tech networks to promote secure engineering practices and support talent engagement. -Design and build sophisticated security automation and tooling that scales with the company's growth, including advanced CI/CD pipeline security controls and automated vulnerability management systems. -Serve as the primary technical advisor and domain expert on all security-related matters for senior leadership and product teams. -Embed security by design throughout the entire software development lifecycle, from planning and development to release and operations, enabling teams to innovate securely and efficiently. -Communicate complex cybersecurity risks and technical decisions to a wide range of stakeholders, from junior engineers to the C-suite. -Drive the adoption of new security technologies and methodologies by creating reusable patterns, frameworks, and reference architectures. -Drive the strategy, improvement, and implementation of our DevSecOps practices across all engineering teams. -Define, evangelize, and drive the multi-year DevSecOps strategy and roadmap for the entire engineering organization. -Architect and lead the development of foundational, self-service security platforms and services that empower engineering teams to build, test, and deploy secure applications at scale. -Solve the company’s most challenging security and scalability problems with elegant, scalable, and resilient solutions. -Represent the engineering organization in company-wide security governance and risk management discussions. -Act as a company-wide technical evangelist for security, delivering presentations and workshops to inspire a security-first mindset. -Mentor and coach senior engineers across the company, fostering a culture of security ownership and continuous improvement. -Lead cross-functional initiatives involving multiple business units (e.g., Legal, Product, and Engineering) to ensure that security and compliance requirements are met proactively.

Requirements

• kubernetes
• terraform
• ci/cd
• python
• cissp
• leadership

What You Bring

-Strong familiarity with major security frameworks and standards (e.g., OWASP Top 10, NIST, ISO 27001). -Exceptional leadership and communication skills, with a proven ability to influence and guide stakeholders at all levels. -Demonstrated ability to architect, build, and secure complex cloud-native systems and microservices at scale. -High degree of adaptability, intellectual curiosity, and a continuous learning mindset. -Mastery of containerization and orchestration technologies (Docker, Kubernetes) and their security best practices. -Comprehensive understanding of the attacker's perspective and a deep knowledge of security tools and practices, including SAST, DAST, SCA, secrets management, and secrets scanning. -GIAC certifications (e.g., GWEB, GPEN, GCSA) are a plus. -Proven experience in a senior-level engineer or architect role, with a track record of driving significant, company-wide technical and cultural change. -Deep knowledge of cloud platforms (AWS, Azure, or GCP), their security services, and Infrastructure as Code (IaC) tools like Terraform. -Expertise in designing and implementing secure CI/CD pipelines on platforms like GitLab CI, Jenkins, or GitHub Actions. -Certified Information Systems Security Professional (CISSP) is a plus. -Expertise in at least one major programming language (e.g., Python, Go, Java, or similar) with a focus on writing secure, maintainable code. -Azure/AWS Certified Security - Specialty, or other cloud-specific security certifications, are a plus. -Minimum of 10 to 15 years of progressive experience in software engineering, DevOps, or cybersecurity, with a strong emphasis on driving large-scale security initiatives. -Outstanding problem-solving and critical-thinking skills, with a knack for identifying the root cause of complex, ambiguous problems.

People Also Searched For

Benefits

-Opportunity to work on the cutting edge of digital engineering practices -Collaborative and fast-paced work environment

About Sp Group

-It has grown into Asia‑Pacific’s national electricity and gas grid operator. -It owns and runs transmission and distribution networks in Singapore and Australia, underpinning industrial, commercial and residential energy supply. -Its renewable arm develops district cooling, EV charging, solar farms, microgrids and green digital energy solutions across Singapore and the region. -Flagship projects include the world’s largest underground district cooling network in Marina Bay and shared cooling systems in towns like Tampines. -Through joint ventures, it co‑develops major infrastructure like Australia’s Jemena utility assets and STMicroelectronics’ industrial district cooling in Ang Mo Kio.

Sector Specialisms