Senior DevSecOps Engineer

Overview

Lead DevSecOps strategy, secure CI/CD pipelines, and mentor engineers.

Key Responsibilities

• security automation
• secure ci/cd
• vulnerability management
• threat modeling
• iac management
• devsecops roadmap

Tasks

You will be part of the Digital Technology Team and together, you will innovate, create, and deploy digital products that will empower more than 3,800 employees within SP Group and improve the quality of life for more than 1.7 million commercial, industrial and residential customers that SP Group serves. We build solutions that enable sustainable high-quality lifestyles and help consumers save energy and cost, as well as supporting national goals for a sustainable liveable city. -Develop and implement automation for security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). -Design, build, and maintain secure CI/CD pipelines, embedding security controls throughout the SDLC. -Act as the primary point of contact for all security-related matters within the engineering organization. -Mentor and coach engineers on secure coding practices, threat modeling, and vulnerability management. -Prepare and present reports on the health of the DevSecOps program, including key metrics and KPIs. -Foster a culture of security as a shared responsibility across all engineering teams. -Establish and manage a robust vulnerability management program, prioritizing and tracking the remediation of security findings. -Communicate complex cybersecurity concepts and risks to technical and non-technical stakeholders, including senior leadership. -Influence and drive consensus on security priorities and investments. -Conduct threat modeling and risk assessments for new and existing applications. -Lead technical implementation workstreams and mentor engineers on advanced security concepts. -Champion a security-first mindset while enabling rapid innovation and delivery. -Manage and secure infrastructure using Infrastructure as Code (IaC) tools like Terraform or CloudFormation. -Partner with development teams to embed security into engineering culture and processes. -Influence without direct authority, driving adoption of secure development practices across teams. -Communicate a clear technical vision to executive leadership and cross-functional stakeholders. -Lead the planning and implementation of a comprehensive DevSecOps roadmap to mature our security posture. -Write secure, scalable, and maintainable code in languages such as Python, Go, or Java to build automation tools and security solutions. -Serve as a key technical advisor for the DevSecOps strategy for the engineering teams. -Collaborate with engineering teams to integrate security controls into application architectures and designs.

Requirements

• python
• docker
• kubernetes
• terraform
• cissp
• leadership

What You Bring

-Experience working in a hybrid agile & waterfall environment and a deep understanding of the software development lifecycle (SDLC). -Proficiency in at least one major programming language (e.g., Python, Go, Java, or similar). -Azure/AWS Certified Security - Specialty or other cloud-specific security certifications are a plus. -Hands-on experience with containerization and orchestration technologies like Docker and Kubernetes. -Familiarity with security frameworks and standards (e.g., OWASP Top 10, NIST, ISO 27001). -Proven ability to influence and collaborate with cross-functional teams and senior management. -Certified DevSecOps Professional (CDP) is a plus. -Exceptional communication and presentation skills. -Certified Information Systems Security Professional (CISSP) is a plus. -Minimum of 5-7 years of experience in software engineering, DevOps, or a related technical role, with a strong focus on cybersecurity. -Demonstrated hands-on experience in building and securing CI/CD pipelines and cloud-native applications. -Proven experience in a lead or senior-level role, with a track record of driving large-scale security initiatives. -GIAC certifications (e.g., GCSA, GWEB) are a plus. -Excellent problem-solving and critical-thinking skills. -Strong leadership and mentoring abilities. -Proficiency with Infrastructure as Code (IaC) tools (e.g., Terraform). -Expertise in CI/CD platforms such as Jenkins, or GitHub Actions. -High degree of adaptability and a continuous learning mindset. -Deep understanding of security tools and practices, including SAST, DAST, SCA, secrets management & scanning. -Strong knowledge of cloud platforms (Azure, AWS or GCP) and their native security services.

People Also Searched For

Benefits

-Opportunity to work on the cutting edge of digital engineering practices -Collaborative and fast-paced work environment

About Sp Group

-It has grown into Asia‑Pacific’s national electricity and gas grid operator. -It owns and runs transmission and distribution networks in Singapore and Australia, underpinning industrial, commercial and residential energy supply. -Its renewable arm develops district cooling, EV charging, solar farms, microgrids and green digital energy solutions across Singapore and the region. -Flagship projects include the world’s largest underground district cooling network in Marina Bay and shared cooling systems in towns like Tampines. -Through joint ventures, it co‑develops major infrastructure like Australia’s Jemena utility assets and STMicroelectronics’ industrial district cooling in Ang Mo Kio.

Sector Specialisms