DevSecOps Specialist, Technology Information Security Office

As Singapore's longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires.

 Today, we're on a journey of transformation. Leveraging technology and creativity to become a future-ready learning organisation. But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia's leading financial services partner for a sustainable future.

 We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career.

Your Opportunity Starts Here.

Why Join
Protecting our customers' assets and data is at the heart of everything we do at OCBC. As a Cyber Engineering - Risk professional, you'll play a critical role in safeguarding our systems and networks from cyber threats. You'll be part of a team that's shaping the future of cybersecurity in the financial industry.

How you succeed
To succeed in this role, you'll need to stay one step ahead of emerging threats. You'll work closely with our engineering teams to identify and mitigate risks, and develop strategies to protect our systems and data. You'll need to be proactive, collaborative, and always looking for ways to improve our cybersecurity posture.

What you do

• Evaluate and analyse threat, vulnerability, impact, and risk of security issues discovered from various DevSecOps tools such as Static Application Security Testing (SAST), Software Composition Analysis (SCA), Interactive Application Security Testing (IAST), Dynamic Application Security Testing (DAST)and Container Security platform.

• Advise and collaborate with DevOps teams, developers, application, and project teams on the security issues, including explanation of the technical details and how they can remediate the vulnerabilities in their applications.

• Develop and design DevSecOps metrics, policies, processes, and procedures.

• Provide training to developers and other stakeholders on the usage of the tools.

• Assist with implementing and designing automated security checks and additional security tools within the CI/CD pipelines.

• Review and triage vulnerabilities discovered by automated security tools.

• Proficient understanding of programming languages.

•  Proficiency in scripting (Python, Bash, Javascript or similar) to support the automation and continuous improvement of processes

• Knowledge in build/release tools and methodologies in CI/CD pipelines.

• Conduct POCs and work with vendors for DevSecOps tools to achieve security automation and efficiency.

• Liaise with external vendors and oversee the resolution of incidents and technical issues related to the security tools.

• Effectively communicate and manage expectations of various stakeholders.

• Keep abreast of the latest industry trends in security and DevSecOps processes and make continuous recommendations for improvement.

Who you are

• Minimum 5 years of cyber security experience.

• Sound technical background of working with SAST, SCA, DAST, IAST and other vulnerability scanning tools.

• Prior experience in performing secure code reviews, web and mobile application penetration tests.

• Solid understanding of full DevSecOps pipeline, Agile methodology, cloud security, APIs and microservices.

• Deep knowledge of container security(Docker image scanning) and related vulnerabilities.

• Knowledge in IaC (Infrastructure as Code) security. Automate security validation in CI/CD pipeline for IaC deployments.

• Capable of working with various CI/CD tools.

• Analytical thinker with excellent communication skills.

• A recognized university degree in Computer Science, Computer/Electrical Engineering, Information Technology or equivalent.

• Familiarity of MAS TRMG, PCI-DSS and other regulatory/industries requirements.

• Possesses certifications in cyber security field such as GWAPT, OSCP, CISSP etc.

• Experience working in DevSecOps for Banks in Singapore will be highly preferred.

• Good communication (spoken and written) skills, able to work independently and as a team.

Who we are
As Singapore's longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires.

Today, we're on a journey of transformation. Leveraging technology and creativity to become a future-ready learning organisation.
But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia's leading financial services partner for a sustainable future.

We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career. Your Opportunity Starts Here.

What we offer
Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry-leading learning and professional development opportunities. Equal opportunity. Fair employment. Selection based on ability and fit with our culture and values. Your wellbeing, growth and aspirations are every bit as cared for as the needs of our customers.

Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry-leading learning and professional development opportunities. Your wellbeing, growth and aspirations are every bit as cared for as the needs of our customers.