Position Overview
We are seeking an experienced DevSecOps with Observability Engineer to join our team
and drive the implementation of secure, scalable, and comprehensively observable
cloud infrastructure. The successful candidate will be responsible for building and
maintaining CI/CD pipelines, implementing security controls throughout the
development lifecycle, and establishing enterprise-grade observability practices that
provide deep insights into system performance, security posture, and operational
health across our entire technology stack.
Key Responsibilities
Infrastructure & Cloud Management Design, implement, and maintain cloud
infrastructure on AWS using Infrastructure as Code principles. Manage containerised
applications using Amazon EKS and ensure optimal performance, security, and cost
efficiency. Collaborate with development teams to architect scalable solutions that
meet both functional and non-functional requirements whilst embedding observability
from the ground up.
Security Controls Implementation Implement and maintain security controls
throughout the development lifecycle, from code commit to production deployment.
Integrate automated security testing, static and dynamic code analysis, and
vulnerability scanning into CI/CD pipelines. Establish security gates and approval
processes that prevent vulnerable code from reaching production environments.
Develop and enforce security policies for container images, infrastructure
configurations, and application deployments with comprehensive security
observability.
Advanced Monitoring & Observability Design and implement enterprise-grade
observability solutions using ELK Stack or Prometheus-Grafana to provide
comprehensive insights into system performance, security events, and operational
health. Architect distributed tracing solutions using OpenTelemetry to monitor
application performance across complex microservices architectures and troubleshoot
issues with precision. Create sophisticated dashboards, alerts, and reporting
mechanisms that provide actionable insights to stakeholders whilst ensuring security
events, performance anomalies, and operational issues are proactively identified and
investigated. Implement observability-driven incident response and post-mortem
processes.
CI/CD Pipeline Management Build, maintain, and optimise CI/CD pipelines using
GitLab Runners to enable rapid, reliable, and secure software delivery. Embed security
controls and observability instrumentation at every stage of the pipeline including pre-
commit hooks, automated security testing, compliance checks, and deployment
validation. Implement automated testing, security scanning, and deployment
processes that support continuous integration and deployment practices whilst
maintaining zero-trust security principles and comprehensive pipeline observability.
Infrastructure as Code & Policy as Code Implementation Leverage Infrastructure as
Code tools, particularly Terraform, to automate infrastructure provisioning and
management with built-in security controls, compliance checks, and observability
instrumentation. Implement Policy as Code frameworks to codify governance,
compliance, and security policies that are automatically enforced across all
infrastructure deployments. Develop custom automation scripts and tools to
streamline operational processes whilst ensuring security standards and observability
requirements are maintained. Integrate and utilise GenAI-based coding agents to
enhance development productivity and code quality, implementing appropriate security
guardrails and observability for AI-assisted development.
Observability Strategy & Implementation Develop and execute comprehensive
observability strategies that encompass metrics, logs, traces, and events across the
entire application and infrastructure stack. Implement service level objectives (SLOs)
and service level indicators (SLIs) to measure and improve system reliability. Design and
maintain observability platforms that support real-time monitoring, historical analysis,
and predictive insights for both operational and security use cases.
Essential Requirements
Technical Skills
• Extensive experience with AWS cloud services and architecture patterns
• Strong proficiency in Terraform for Infrastructure as Code implementation,
including advanced features such as modules, workspaces, and state
management
• Deep hands-on experience with ELK Stack (Elasticsearch, Logstash, Kibana) or
Grafana for monitoring, visualisation, and observability
• Strong knowledge of Amazon EKS and container orchestration with observability
best practices
• Advanced experience implementing observability solutions and distributed
tracing with OpenTelemetry across complex distributed systems
• Proficiency with GitLab or GitHub for version control and CI/CD pipeline
management
• Experience with GenAI-based coding agents and AI-assisted development tools
Observability Expertise
• Proven experience designing and implementing comprehensive observability
strategies for large-scale distributed systems
• Deep understanding of the three pillars of observability: metrics, logs, and
traces, and their integration
• Experience with observability tools such as Prometheus, Splunk, or commercial
APM solutions
• Knowledge of observability data correlation, anomaly detection, and automated
alerting strategies
• Understanding of observability-driven development and operational practices
Security & Compliance
• Strong understanding of DevSecOps principles and implementing security
controls throughout the development lifecycle using Infrastructure as Code and
Policy as Code methodologies
• Experience with security scanning tools, SAST/DAST solutions, and vulnerability
management integrated into IaC workflows and automated through policy
enforcement
• Knowledge of compliance frameworks, security standards, and regulatory
requirements codified and enforced through Policy as Code implementations
• Understanding of network security, identity and access management, and data
protection defined and managed through Infrastructure as Code templates and
policy definitions
• Experience with security orchestration and incident response procedures
automated and standardised through Infrastructure as Code and Policy as Code
frameworks
Professional Experience
• Minimum 5 years of experience in DevOps, SRE, or similar roles with security and
observability focus
• Minimum 2 years of hands-on Terraform experience in production environments
• Proven track record of implementing and managing secure cloud infrastructure
at scale with comprehensive observability
• Experience working in agile development environments with security integration
and observability practices
• Strong problem-solving skills and ability to work under pressure whilst
maintaining security standards and observability requirements
Preferred Qualifications
• AWS certifications (Solutions Architect, DevOps Engineer, or Security Specialty)
• HashiCorp Certified: Terraform Associate or Professional certification
• Observability and monitoring certifications or demonstrable experience
• Experience with Terraform Enterprise or Terraform Cloud
• Experience with additional monitoring tools, APM solutions, and observability
platforms
• Experience with policy-as-code and governance automation using tools like
Sentinel or Open Policy Agent
• Background in software development with understanding of secure coding
practices and observability instrumentation
What We Offer
• Opportunity to work with cutting-edge technologies, security tools, and
observability platforms
• Collaborative environment with opportunities for professional growth in security
and observability
• Continuous learning and development opportunities in emerging security and
observability technologies
This role offers the opportunity to shape our DevSecOps and observability practices,
contributing to building robust, secure, and comprehensively observable systems that
protect our organisation's assets whilst enabling rapid and reliable software delivery
through advanced Infrastructure as Code, Policy as Code, and observability practices
VINOVA PTE. LTD.
Established in 2010, Vinova is a passion-driven and award-winning development company for mobile, web, and enterprise applications. Our clients span the globe and cover a wide range of projects including IoT, blockchain, banking, fintech, networking, and ecommerce. Vinova earns respect from customer...
Read more about the companyCopyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.