OCBC
Financial Services
DevSecOpsSpecialist
Neural analysis suggests this role is
optimal for Senior candidates.
“DevSecOps Specialist at OCBC. Skills: DevSecOps, Cyber Security, Vulnerability Management, Automation. Evaluate and analyse threat, vulnerability, impact, and risk. Advise and collaborate with DevOps teams”
What You'll Achieve.
Safeguarding our systems and networks from cyber threats; Shaping the future of cybersecurity; Stay one step ahead of emerging threats; Mitigate risks; Develop strategies to protect systems and data; Improve our cybersecurity posture; Achieve security automation and efficiency
Industry & Context.
Analytical thinker
What They're Looking For.
Must Have
Minimum 5 years of cyber security experience, Sound technical background of working with SAST, SCA, DAST, IAST and other vulnerability scanning tools, Prior experience in performing secure code reviews, web and mobile application penetration tests, Solid understanding of full DevSecOps pipeline, Agile methodology, cloud security, APIs and microservices, Deep knowledge of container security(Docker image scanning) and related vulnerabilities, Knowledge in IaC (Infrastructure as Code) security, Capable of working with various CI/CD tools, Analytical thinker, Excellent communication skills, Proficient understanding of programming languages, Proficiency in scripting (Python, Bash, Javascript or similar), Knowledge in build/release tools and methodologies in CI/CD pipelines
Nice to Have
Experience working in DevSecOps for Banks in Singapore, Possesses certifications in cyber security field such as GWAPT, OSCP, CISSP etc., Familiarity of MAS TRMG, PCI-DSS and other regulatory/industries requirements
What You'll Do.
Evaluate and analyse threat
Advise and collaborate with DevOps teams
Develop and design DevSecOps metrics
Provide training to developers
Assist with implementing and designing automated security checks
Review and triage vulnerabilities
Conduct POCs and work with vendors
Liaise with external vendors
Oversee resolution of incidents
Keep abreast of latest industry trends
How You'll Work.
Team & Collaboration
Collaborate with DevOps teams, developers, application, and project teams; Work with vendors for DevSecOps tools; Liaise with external vendors; Effectively communicate and manage expectations of various stakeholders
Communication Scope
Excellent communication skills; Good communication (spoken and written) skills; Effectively communicate and manage expectations
Full Job Description
# **WHO WE ARE:** As Singapore’s longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires. Today, we’re on a journey of transformation. Leveraging technology and creativity to become a future-ready learning organisation. But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia’s leading financial services partner for a sustainable future. We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career. Your Opportunity Starts Here. # **Why Join** Protecting our customers' assets and data is at the heart of everything we do at OCBC. As a Cyber Engineering - Risk professional, you'll play a critical role in safeguarding our systems and networks from cyber threats. You'll be part of a team that's shaping the future of cybersecurity in the financial industry. **How you succeed** To succeed in this role, you'll need to stay one step ahead of emerging threats. You'll work closely with our engineering teams to identify and mitigate risks, and develop strategies to protect our systems and data. You'll need to be proactive, collaborative, and always looking for ways to improve our cybersecurity posture. **What you do** * Evaluate and analyse threat, vulnerability, impact, and risk of security issues discovered from various DevSecOps tools such as Static Application Security Testing (SAST), Software Composition Analysis (SCA), Interactive Application Security Testing (IAST), Dynamic Application Security Testing (DAST)and Container Security platform. * Adv
Applying for this DevSecOps Specialist role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.
ANONYMOUS · UNFILTERED
What do employees actually say about OCBC?
Real rants from real employees. Read before you apply.