DevSecOps Engineer

  • Cyber Security
  • CBD, Singapore

DevSecOps Engineer

Job description

DevSecOps Engineer


Toku’s mission is to help companies engage with their customers efficiently. We have helped companies move all the voice communications to the cloud and recently embarked on creating products that help companies keep engaging with their customers no matter where their employees are working from.

Toku is currently getting into a scale-up mode. We want to continue creating momentum for our products in the APAC regions and helping customers with their communications needs. As we build the Operations foundation, we are looking for an experienced DevSecOps Engineer who can help with Toku’s Information Security strategy and enhance a security program that identifies and addresses security and privacy risks and security requirements. Want to be part of our journey?


What you will be doing?

We’re looking for an analytical and process oriented DevSecOps Engineer in an operational role that will be working alongside the Security Compliance Officer and reporting to the Head of Infrastructure. You will be responsible for administering user access and perform security risk assessments and testing to identify and fix gaps.


What would you be responsible for:

• Responding to all system and/or network security breaches.

• Planning, implementing, managing, monitoring, and upgrading security measures for the protection of organization's data, systems, and networks.

• Ensuring that the organization's data and infrastructure are protected by enabling the appropriate security controls.

• Conduct testing of security controls to identify and close gaps.

• Test system based on premises, also cloud services such as AWS, Azure, Alicloud, etc.

• Check OS security, security patches and updates, AWS WAF, perform security audits.

• Make recommendations and oversee the implementation for Security Information and Event Management (SIEM) solutions.

• Perform penetration tests on applications hosted in Tuku’s on-premises and cloud servers.

• Identifying and deploying cybersecurity measures by continuously performing vulnerability assessment and risk management.

• Analyse Proof-of-Concept exploits to detect threats and identify security weaknesses.

• Ensure compliance to security standards and recommend security implementations.

• Be the liaison for external vulnerability assessments and security audits.

Job requirements

We would love to hear from you if you have:

  • Bachelor’s Degree in information systems or related field.
  • Experience working on Linux based infrastructure • Experience with AWS, Azure and Alibaba Cloud services
  • At least 3 years of relevant experience.
  • Experience in software security testing, methodologies, and frameworks.
  • Experience supporting SIEM tools.
  • Strong knowledge and understanding of Endpoint security, IDPS, WAF, APT, FW.
  • Knowledge and understanding of Unix security and hardening practices.
  • Understanding of network and systems infrastructure.
  • Good communication skills and able to work independently.
  • Comfortable in both Windows and Linux systems, with exposure to scripting languages.
  • Patch Management Systems: Tenable, Rapid7, Nexpose
  • Crest Certified in VA, PT or Threat Intelligence will be a definite advantage
  • Great awareness of cybersecurity trends and hacking techniques.


What would you get?

  • Flexible working locations
  • Training and Development
  • Discretionary Yearly Bonus & Salary Review
  • Healthcare Coverage based on location
  • 20 days Paid Annual Leave (excluding Bank holidays)

If you are keen to work in a start-up growing at an accelerated speed, and you think you tick most of the requirements, come join us!