DevSecOps Engineer

4 days ago


Pasay, National Capital Region, Philippines | SM Investments | Full time | ₱900,000 - ₱1,200,000 per year

Overall objectives:

  • Responsible for automating security controls within CI/CD pipelines, securing cloud and container environments, and ensuring compliance with industry standards.
  • Responsible for integrating security seamlessly into the development and operations lifecycle.
  • Possess a strong security mindset and be proficient in automating security controls within CI/CD pipelines, securing cloud and container environments, and ensuring compliance with industry standards.
  • Will work closely with cross-functional teams to ensure security is not an afterthought but a continuous focus throughout the software development lifecycle.

Technical Competencies:

  • Experience integrating security into CI/CD pipelines (Jenkins, CircleCI, and GitLab).
  • Deep knowledge of Cloud Security and Container Security best practices.
  • Hands-on experience with Infrastructure as Code (IaC) security and automation.
  • Proficient in Security Testing Tools such as Snyk, SonarQube, Checkmarx, or Fortify.
  • Strong knowledge of IAM Best Practices and federated identity solutions.
  • Experience implementing Security Compliance Frameworks (ISO 27001, NIST, CIS).
  • Familiar with DevOps Toolchain Security including securing CI/CD tools and artifact repositories.

DevOps Toolchain Security

  • Ensure Source Control Security best practices in Git repositories.
  • Secure Artifact Repositories (Nexus, JFrog Artifactory) by ensuring signed artifacts and dependency integrity.
  • Harden CI/CD tools like Jenkins, GitLab, and GitHub Actions against security risks.

Security Mindset and Knowledge

  • Embed Security by Design into all phases of the development lifecycle.
  • Perform Threat Modeling to anticipate vulnerabilities and enhance security defenses.
  • Apply the OWASP Top 10 to secure web applications.
  • Implement and enforce Security Policies and Frameworks (ISO 27001, NIST, CIS).
  • Apply the Zero Trust Model in cloud and container environments.

Identity and Access Management (IAM)

  • Implement IAM Best Practices including the principle of least privilege and role-based access control (RBAC).
  • Manage Federated Identity using protocols like SAML, OAuth, or AWS Cognito.
  • Secure secrets management tools like HashiCorp Vault or Secrets Manager.

Container and Cloud Security

  • Secure containers using tools like Docker Bench for Security, Aqua, or Twistlock.
  • Implement Kubernetes Security best practices such as RBAC, Network Policies, and secrets management.
  • Ensure Cloud Security by leveraging native security tools such as but not limited to AWS GuardDuty, Azure Security Center, or GCP Security Command Center.

Automation & CI/CD Integration

  • Integrate Automated Security Testing tools (SAST, DAST, SCA) into CI/CD pipelines.
  • Perform Static and Dynamic Code Analysis using tools like Snyk and SonarQube.
  • Automate security-focused code reviews and integrate them into the pipeline.
  • Secure Infrastructure as Code (IaC) using tools like Terraform and CloudFormation.

Compliance and Governance Automation

  • Implement Compliance as Code for standards like GDPR, HIPAA, or PCI DSS using tools such as Chef InSpec or OpenSCAP.
  • Maintain and review Audit Trails for security events and incidents.
  • Enforce security policies using tools like OPA (Open Policy Agent) and AWS Config.

Risk Management and Security Assessments

  • Conduct Risk Assessments to identify security vulnerabilities and threats.
  • Continuously evaluate and enhance Security Posture to mitigate risks.
  • Apply Security Controls as compensating measures when vulnerabilities cannot be immediately fixed.

Cloud-Native Security Services

  • Implement and manage AWS/Azure/GCP Security Services like IAM, GuardDuty, and CloudTrail.
  • Ensure Cloud Security Posture Management (CSPM) using tools like Prisma Cloud or Dome9.

