Devsecops Lead

**About DKatalis**

DKatalis is a financial technology company with multiple offices in the APAC region. In our quest to build a better financial world, one of our key goals is to create an ecosystem linked financial services business.

DKatalis is built and backed by experienced and successful entrepreneurs, bankers, and investors in Singapore and Indonesia who have more than 30 years of financial domain experience and are from top-tier schools like Stanford, Cambridge London Business School, JNU with more than 30 years of building financial services/banking experience from Bank BTPN, Danamon, Citibank, McKinsey & Co, Northstar, Farallon Capital, and HSBC.

We're looking for **DevSecOps Lead** to join our high performing team. If you're looking to be a part of a team who tackle real-world problems, DKatalis might just be the place for you Work alongside world-class talents and join us as we use technology to make a change in the financial world.

**Position Overview**:
The **DevSecOps Lead** will play a crucial role in implementing and maintaining a robust DevSecOps framework within our organization. As a senior member, you will be instrumental in leading the integration of security practices into our development, operations, and infrastructure processes, ensuring the confidentiality, integrity, and availability of our systems and data. The DevSecOps will work closely with cross-functional teams, including development, operations, and security, to ensure a collaborative and efficient approach to security.

**Responsibilities**:

- Develop and implement a comprehensive DevSecOps strategy to embed security practices throughout the software development lifecycle (SDLC) and operational processes.
2. Lead the establishment and maintenance of secure coding practices, including code review processes, vulnerability scanning, and penetration testing.
3. Collaborate with development teams to integrate security controls, such as static code analysis, into the continuous integration and deployment (CI/CD) pipelines.
4. Design and implement secure infrastructure and cloud architecture, including network security, identity and access management (IAM), and secure data storage.
5. Identify and evaluate potential security risks and vulnerabilities, and develop proactive strategies to mitigate them.
6. Manage security incident response processes, ensuring timely detection, investigation, and resolution of security incidents.
7. Monitor and report on key security metrics and indicators to assess the effectiveness of security controls and identify areas for improvement.
8. Stay up-to-date with the latest security technologies, trends, and best practices, and make recommendations for their adoption.
9. Collaborate with internal teams and external stakeholders to ensure compliance with industry regulations and standards, such as GDPR, HIPAA, and ISO 27001.
10. Provide guidance and mentorship to team members, fostering a culture of security awareness and knowledge sharing.

**Qualifications**:

- Bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is a plus.
- Proven experience (5+ years) working in a DevSecOps or similar role, with hands-on experience in implementing security practices in software development and operations.
- Strong understanding of secure coding practices, vulnerability management, and secure infrastructure design.
- Familiarity with industry standards and frameworks, such as OWASP, NIST, and CIS benchmarks.
- Experience with cloud platforms (e.g., AWS, Azure, GCP) and related security services.
- Knowledge of CI/CD pipelines, configuration management tools (e.g., Ansible, Puppet), and containerization technologies (e.g., Docker, Kubernetes).
- Proficiency in scripting and automation using languages such as Python, Bash, or PowerShell.