Minor Hotels Europe and Americas

DevSecOps Engineer

full-time

Location Type: Office

Location: Singapore, Singapore

About the role

  • Lead and embed security-first practices across CI/CD, cloud infrastructure, and runtime environments
  • Embed security controls in CI/CD pipelines (e.g., SAST, DAST, dependency checks, container scans)
  • Automate enforcement of security policies (e.g., secret detection, SBOM generation, license policy gates)
  • Collaborate with DOE Lead and CISO to implement compliance controls (NIST, Singapore Government standards)
  • Integrate tools like SonarQube, Trivy, Snyk, Checkov, or custom scanners into pipelines
  • Maintain infrastructure hardening and secure baseline templates (e.g., CIS benchmarks, AMI/Container baselines)
  • Co-own audit and logging configurations (e.g., CloudTrail, Security Hub, WAF logs, GuardDuty alerts)
  • Maintain and improve secure, automated CI/CD pipelines
  • Define IaC security validation steps (e.g., Terraform policy-as-code with OPA or Checkov)
  • Implement backup, DR, and secrets management workflows in alignment with platform guardrails
  • Support runtime observability with secure logging and alerting pipelines (e.g., ELK/OpenSearch, Prometheus, Grafana)
  • Support vulnerability triage and incident response processes
  • Maintain operational runbooks with security context for SRE rotations
  • Contribute to secure service rollout (mTLS, ALB/NLB policies, header validations, etc.)
  • Collaborate to address hardening gaps in Day 2 operations.

Requirements

  • 4–6 years of combined DevOps/Security Engineering experience
  • Hands-on experience in securing AWS cloud infrastructure (IAM, KMS, GuardDuty, WAF)
  • Hands-on experience with commercial security tools (Next-Gen Firewalls, Database Activity Monitoring)
  • Proven experience integrating security checks into GitOps / CI pipelines (e.g., GitLab CI, GitHub Actions, Jenkins)
  • Solid experience with container security: Docker image scanning, Kubernetes RBAC, admission controllers
  • Proficiency in scripting (Bash, Python, or similar) for automation
  • Familiarity with compliance requirements: NIST 800‑53, CIS benchmarks
  • Strong diagnostic skills, especially in cloud networking, TLS configurations, and log analysis
  • Experience with IaC (Terraform/Helm), GitOps, and configuration management
  • Bonus: Experience conducting or responding to security audits or VAPT findings.

Benefits

  • 40 hours of self-development every year with a huge selection of learning opportunities to choose from
  • Flexible work practices

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
CI/CD, cloud infrastructure, security controls, SAST, DAST, container scans, IaC, Terraform, scripting, Docker
Soft skills
collaboration, diagnostic skills, incident response, problem-solving, communication
Certifications
NIST 800-53, CIS benchmarks