Role: Security Engineer
Location: Pathum Wan, Bangkok
Job Type: Permanent
- We're looking for a skilled and experienced DevSecOps Engineer to join our team and champion a culture of security excellence.
- You'll play a pivotal role in automating security testing, collaborating with developers to build secure code, and conducting penetration testing to identify and remediate vulnerabilities before they reach production.
Responsibilities:
- Design, implement, and automate DevSecOps processes and tools within our CI/CD pipeline.
- Conduct penetration testing on applications, infrastructure, and APIs, identifying and documenting vulnerabilities.
- Collaborate with developers to understand their needs and integrate security best practices into the development process.
- Analyze security vulnerabilities, prioritize risks, and recommend mitigation strategies.
- Develop and maintain security documentation, including threat models and attack surface diagrams.
- Stay informed about the latest security trends and threats, keeping our team and organization proactive against evolving risks.
- Participate in security incident response and remediation efforts.
- Foster a culture of security awareness within the organization through education and training initiatives.
Qualifications:
- Proven experience with penetration testing methodologies and tools (e.g., Metasploit, Burp Suite, Nmap, Zap, etc).
- 3+ years of experience as a DevSecOps Engineer or a related role.
- Strong understanding of DevSecOps principles and practices.
- Experience with CI/CD pipelines and automation tools (e.g., Jenkins, GitLab CI).
- Experience in Kubernetes (GKE, KUBECTL, HELM) and containers (Docker)
- Expertise in secure coding practices and application security frameworks.
- Good communication, collaboration, and problem-solving skills.
- Ability to work independently and as part of a cross-functional team.
Bonus Points:
- Certification in penetration testing (e.g., OSCP, CEH, GPEN, Pentest+).
- Experience with Google Cloud platforms.
