Devsecops Engineer

**About WhiteCoat**:
WhiteCoat’s core services include primary care tele-consultations, chronic disease management, health screening services and home-based medical services. As a digital healthcare leader, WhiteCoat partners insurance providers, conglomerates, and other private, government, and financial organisations to spearhead the way for wider access to affordable healthcare across the region.

**What you will be doing**:
We are looking for a **DevSecOps Engineer**to help build, secure, and automate WhiteCoat’s digital infrastructure while maintaining our ISO 27001-certified Information Security Management System (ISMS). As a DevSecOps Engineer, you will work closely with our engineering, QA, and compliance teams while being mentored by senior technical leads. This role reports to Director, Technical Programme (WhiteCoat’s DevSecOps Lead).

On a day-to-day basis, this means you will:

- Maintain and optimise CI/CD pipelines for microservices, mobile apps, and infrastructure-as-code (IaC) using GitHub Actions, GitLab CI, Terraform, and Helm.
- Automate AWS environment provisioning and patching across dev, staging, and production, enforcing least privilege through IAM and policy management.
- Monitor and respond to system alerts via CloudWatch, GuardDuty, and Wazuh; lead incident response calls, conduct post-mortems, and refine response playbooks.
- Enforce change management controls and safe deployment practices in line with internal security policies.
- Maintain and continuously improve our ISMS, including ISO 27001 documentation, risk treatment plans, and corrective action tracking.
- Review and update security policies such as Access Control, Cryptography, MDM, and Third-Party Risk on a regular basis.
- Conduct periodic risk assessments, vendor reviews, and internal audits; prepare for external ISO surveillance audits.
- Lead quarterly security awareness training and deliver onboarding briefings to new team members.
- Prepare and present monthly security KPIs and audit updates to technical and business leadership.

**Our Benefits**:

- **Make a Real Impact**: Opportunity to contribute to a leading digital health company's rapid growth.
- **Fast-paced Start-up Environment**: Experience an environment where you get to own and make tangible impact without bureaucracy getting in the way of rapid decision-making.
- **Great Team**: Collaborate with intelligent, friendly, and supportive professionals from diverse backgrounds.
- **Hands-on Learning & Growth**: Dual-track mentorship in DevOps and InfoSec, with exposure to a real-world ISO-certified environment.
- **Competitive Compensation & Benefits**: Competitive compensation and performance-based bonus. Holistic health insurance for your peace of mind for both in-patient and out-patient coverage.

**Job requirements**:
**What we are looking for**:
**Required**:

- Experience with AWS core services (e.g., EC2, VPC, IAM, S3, RDS).
- Proficiency with Terraform or CloudFormation for infrastructure-as-code.
- Familiarity with Linux systems and scripting in Bash or Python.
- Working knowledge of ISO 27001 controls, and awareness of PDPA/GDPR principles.
- Strong communication skills—especially for writing post-incident reports, audit findings, and policy documentation.

**Good to have**:

- Diploma or Bachelor’s degree in Computer Science, Information Security, Engineering, or a related discipline.
- 0-3 years of experience in DevOps, SysAdmin, or Security roles (internships included). We are open to fresh graduates with relevant security experiences.
- AWS Cloud Practitioner certification, or ability to obtain it within 6 months of joining.
- Proficiency with Docker/Kubernetes.
- Experience with SIEM tools such as Wazuh, ELK, and Splunk.
- Experience with vulnerability management (e.g. SCA, container scanning, Nessus).
- CompTIA Security+, AWS Security Specialty, or ISO 27001 Lead Implementer/ Auditor certs.