Senior DevSecOps Engineer

Why Work for Us

We Power the Nation.

Make the most of your talents and develop products that can create impact on a national scale. We are an in-house software team, assembled to move with speed and deliver with quality.

We Build Reliable Solutions. For Customers, Company and Country.

You will be part of the Digital Technology Team and together, you will innovate, create, and deploy digital products that will empower more than 3,800 employees within SP Group and improve the quality of life for more than 1.7 million commercial, industrial and residential customers that SP Group serves. We build solutions that enable sustainable high-quality lifestyles and help consumers save energy and cost, as well as supporting national goals for a sustainable liveable city.

Now, imagine the impact you can create.

What You'll Do:

• Serve as a key technical advisor for the DevSecOps strategy for the engineering teams.
• Lead the planning and implementation of a comprehensive DevSecOps roadmap to mature our security posture.
• Foster a culture of security as a shared responsibility across all engineering teams.
• Mentor and coach engineers on secure coding practices, threat modeling, and vulnerability management.
• Design, build, and maintain secure CI/CD pipelines, embedding security controls throughout the SDLC.
• Lead technical implementation workstreams and mentor engineers on advanced security concepts.
• Partner with development teams to embed security into engineering culture and processes.
• Influence without direct authority, driving adoption of secure development practices across teams.
• Develop and implement automation for security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
• Write secure, scalable, and maintainable code in languages such as Python, Go, or Java to build automation tools and security solutions.
• Manage and secure infrastructure using Infrastructure as Code (IaC) tools like Terraform or CloudFormation.
• Conduct threat modeling and risk assessments for new and existing applications.
• Establish and manage a robust vulnerability management program, prioritizing and tracking the remediation of security findings.
• Collaborate with engineering teams to integrate security controls into application architectures and designs.
• Act as the primary point of contact for all security-related matters within the engineering organization.
• Communicate complex cybersecurity concepts and risks to technical and non-technical stakeholders, including senior leadership.
• Influence and drive consensus on security priorities and investments.
• Prepare and present reports on the health of the DevSecOps program, including key metrics and KPIs.
• Communicate a clear technical vision to executive leadership and cross-functional stakeholders.
• Champion a security-first mindset while enabling rapid innovation and delivery.

What You'll Need:

• Minimum of 7-10 years of experience in software engineering, DevOps, or a related technical role, with a strong focus on cybersecurity.
• Proven experience in a lead or senior-level role, with a track record of driving large-scale security initiatives.
• Demonstrated hands-on experience in building and securing CI/CD pipelines and cloud-native applications.
• Experience working in a hybrid agile & waterfall environment and a deep understanding of the software development lifecycle (SDLC).
• Proficiency in at least one major programming language (e.g., Python, Go, Java, or similar).
• Expertise in CI/CD platforms such as Jenkins, or GitHub Actions.
• Strong knowledge of cloud platforms (Azure, AWS or GCP) and their native security services.
• Hands-on experience with containerization and orchestration technologies like Docker and Kubernetes.
• Deep understanding of security tools and practices, including SAST, DAST, SCA, secrets management & scanning.
• Familiarity with security frameworks and standards (e.g., OWASP Top 10, NIST, ISO
• Proficiency with Infrastructure as Code (IaC) tools (e.g., Terraform).
• Exceptional communication and presentation skills.
• Strong leadership and mentoring abilities.
• Excellent problem-solving and critical-thinking skills.
• Proven ability to influence and collaborate with cross-functional teams and senior management.
• High degree of adaptability and a continuous learning mindset.
• Certified Information Systems Security Professional (CISSP) is a plus.
• Certified DevSecOps Professional (CDP) is a plus.
• Azure/AWS Certified Security - Specialty or other cloud-specific security certifications are a plus.
• GIAC certifications (e.g., GCSA, GWEB) are a plus.

What We'll Provide:

• Opportunity to work on the cutting edge of digital engineering practices
• Collaborative and fast-paced work environment
• Be at the forefront of shaping our company's digital future

Please click here "Apply", if you are keen to apply for this job.

Thank you for your interest in SP Group. You will be contacted if you are shortlisted for an interview.