DevSecOps Engineer
Lane Crawford is an internationally renowned luxury department store with over 175 years of success, delivering an exceptional and eclectic product curation with dynamic Asian spirit and values. As a DevSecOps Engineer, your primary responsibilities will include monitoring and addressing security incidents, managing firewall and network security protocols, and automating security processes through DevSecOps and infrastructure-as-code methodologies. Additionally, you will collaborate with vendors and internal teams to address emerging security risks and uphold comprehensive security documentation.
The Role
- Collaborate with vendors to ensure PCI DSS compliance and manage regular PCI DSS scans for our website.
- Develop and adopt tools to enhance security measures and practices across the organization.
- Work with cross-functional teams to implement security standards, including PCI DSS.
- Conduct security reviews of systems and applications prior to launch.
- Maintain network rules in firewalls and network security groups to ensure robust security measures.
- Monitor, investigate, and respond to security alerts and incidents.
- Stay informed about emerging security threats, vulnerabilities, and industry trends; provide recommendations for risk mitigation.
- Collaborate with teams to implement security-focused automation and infrastructure-as-code practices.
- Support incident response efforts, including forensic investigations, evidence gathering, and reporting.
- Implement security controls such as access controls, authentication mechanisms, encryption, and secure configuration management.
- Create and maintain documentation related to security policies, procedures, and incident response.
The Candidate
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience).
- Solid understanding of security compliance frameworks and standards, such as OWASP, PCI DSS, CIS benchmarks, and well-architected frameworks.
- Experience implementing security controls and best practices in a DevSecOps environment.
- Familiarity with secure coding practices and security testing techniques.
- Knowledge of cloud security principles and experience working with cloud service providers (e.g., Alibaba Cloud, AWS, Azure).
- Proficiency in scripting and automation tools (e.g., Terraform, Bash, Ansible) to develop security-focused automation.
- Understanding of vulnerability management, threat modeling, and risk assessment methodologies.
- Experience with security incident response and incident handling procedures.
- Strong knowledge of network and web application security principles.
- Excellent problem-solving and analytical skills to identify and mitigate security risks.
- Strong communication and collaboration skills to work effectively with cross-functional teams.
- Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or Certified Cloud Security Professional (CCSP) are a plus.