DevSecOps Engineer

freeC's Client

The Engineer will participate in projects implementing DevSecOps solutions for large enterprise clients. The scope of work includes:

• Directly participate in consulting and implementing DevSecOps solutions for clients.
• Advise and implement solutions for Application Security such as SCA, SAST, DAST (e.g., Synopsys Coverity, Sonatype Lifecycle, Synopsys Black Duck, Checkmarx, Sonarqube, etc.).
• Advise and implement solutions for Cloud Native Application Protection Platforms (CNAPP) (e.g., Aquasec, Prisma, etc.).
• Advise and implement solutions for Secret Management (e.g., Vault, CyberArk, etc.).
• Support clients in assessing and classifying (triaging) vulnerabilities and security risks discovered by the tools.
• Assist clients in remediating vulnerabilities in code detected by Application Security tools, as well as vulnerabilities identified by CNAPP tools.
• Advise and implement Observability solutions (Monitoring, Logging, Tracing, etc.) for clients.

Job Requirements

• Graduated from university with a major in Information Technology or related fields;
• At least 3 years of experience working in the Security field;
• Strong understanding of security frameworks such as OWASP, CIS Benchmarks, or Zero Trust;
• Advantageous if having good knowledge of secure software development processes, including DevSecOps tools such as SCA, SAST, DAST, etc.;
• Advantageous if experienced in implementing security on the Kubernetes platform;
• Advantageous if proficient in programming languages such as Java, JavaScript, Python, Golang, etc.;
• Advantageous if experienced in working with systems like SIEM, IDS/IPS;
• Advantageous if experienced in working with Infrastructure as Code and Configuration as Code tools like Terraform, Ansible, etc.;
• Basic English communication skills, with the ability to research, read, understand, and write technical documents in English.

• Work schedule: Monday to Friday (weekends and public holidays off).
• Supportive and development-focused work environment emphasizing respect, fairness, integrity, professionalism, and care.
• Full labor law benefits, including insurance.
• Personalized health care benefits:
• Periodic health checks tailored to individual needs.
• Annual health insurance packages.
• Holiday and festival bonuses.
• Internal training programs and development consultancy.
• Opportunities to attend technology conferences and specialized training.
• Company-sponsored travel and team-building activities.