DevSecOps Consultant

Company:

Sopra Steria is a listed European tech leader specializing in Consulting, Digital Services, and Software. With 60,000 employees worldwide across Europe, North America and Asia, Singapore serves as the HQ for our APAC operations. We focus on delivering Infrastructure, Cloud and Cybersecurity services across the region.

Description:

For this project, we are forming a team of 6 (including 1 team lead) to assist in a huge upcoming government project to perform the following scope of works:

(i) Security Risk Assessment

(ii) Security Policies, Standards, Guidelines, And Procedures Review

(iii) Security Design

(iv) Application Security

(v) Vulnerability assessment and

(vi) System Security Acceptance Testing

(vii) Cloud Security

The selected candidate will be working collaboratively within the team to fulfil the project requirements. As such, there is no expectation for one individual to possess all skill sets in the 6 domains.

As a expert in DevSecOps, your role will focus on providing expert advice, conducting security assessments, and helping government teams build security into every stage of their software development lifecycle.

Responsibilities:

• Perform comprehensive risk assessments of development environments, DevOps workflows, and CI/CD processes.
• Review and recommend improvements in areas such as identity and access management, network security, secure SDLC practices, source code management, cryptographic key handling, and data protection.
• Guide application teams on adopting secure development practices and integrating security tools such as SAST, DAST, and VAPT into their workflows.
• Review existing CI/CD pipelines from a security perspective and provide expert recommendations to align with DevSecOps principles.
• Mentor and advise internal teams on secure coding practices across various platforms and languages (e.g., JavaScript, Node.js, Java, C#, Python, etc.).
• Support the development and enforcement of application security policies, standards, and procedures

• Strong experience in DevSecOps with a solid foundation in cybersecurity and risk assessment.
• Hands-on knowledge of secure software development lifecycle (SSDLC) principles and tools.
• Familiarity with integrating security testing tools and practices within CI/CD environments.
• Experience with secure coding and vulnerability assessments across common web and mobile technologies.
• Ability to work with and guide development teams without being directly involved in implementation.
• Excellent communication skills and the ability to translate complex security requirements into practical advice

• Regular team buildings
• 18 leave days / year
• Insurance: GP, Hospitalisation, Dental and Optical
• Annual bonus
• Working hours: from 8:30am to 6pm, Monday to Friday
• Training and certifications paths