Senior Information Security Engineer (DevSecOps)

ZALORA Engineering

ZALORA is the leading e-commerce company providing fashion throughout South East Asia. ZALORA Engineering has teams in Singapore and Vietnam to serve millions of users in Malaysia, Singapore, Hong Kong, Taiwan, Indonesia, Philippines. This regional diversity presents a lot of interesting challenges that you and your colleagues will face. You will learn a lot by tackling these challenges.

ZALORA's e-commerce platform is built with love by the engineering team. The Ho Chi Minh office, 12 Ton Dan, D4 (ZALORA Group) focuses completely on engineering and sets a high standard for software development in the field of e-commerce. This team creates the tech stack that powers ZALORA's stellar shopping experience. This ranges from the online shop and the mobile apps to ZALORA's complex logistics solutions.

The ZALORA Story

ZALORA is Asia’s leading online fashion, beauty and lifestyle destination, part of Global Fashion Group. As one of the region’s pioneer large-scale ecommerce platforms, ZALORA has established a strong presence throughout the region, particularly in Singapore, Indonesia, Malaysia, Brunei, the Philippines, Hong Kong, and in Taiwan, enjoying over 50 million visits per month.

What You'll Do

As a DevSecOps Engineer at ZALORA, you will be responsible for integrating security testing at every stage of the software development process, using various tools and processes to collaborate with developers, security specialists, and operation teams. You will also design and implement CICD solutions using AWS services and best practices.

Your main responsibilities will include:

• Create, develop, and implement solutions to address infrastructure and security requirements using AWS services such as EC2, S3, Lambda, CloudFormation, IAM, etc.
• Identify the needs for build automation, designing, and implementing CICD solutions using AWS services such as CodeCommit, CodeBuild, CodeDeploy, CodePipeline, etc.
• Consult on DevSecOps requirements from diverse application/line of business partners and provide guidance and support
• Create plug-and-play/reusable solutions and patterns for CICD pipelines and publish and disseminate CICD best practices
• Ensure that the service’s uptime and response time SLAs/OLAs are met or surpassed and troubleshoot, identify, and fix problems in the DevSecOps domain
• Use AWS security services such as Prisma Cloud, SIEM, SOC, Nesus, Crowdstrike or similar services to monitor and protect the software applications from vulnerabilities and threats
• Ensure incident tracking tools are updated in accordance with established norms and processes and escalate issues as needed
• Align with technological Systems/Software Development Life Cycle (SDLC) processes and industry-standard service management principles (such as ITIL)

Who We're Looking For

To be successful in this role, you will need:

• Bachelor's degree in engineering, computer science or a related field
• 3+ years of related job experience in DevSecOps or similar roles
• Comprehensive technical expertise in a variety of DevSecOps toolkits, including Ansible, Jenkins, Jira, Github Actions, Terraform, Git/Version Control Software, or comparable technologies
• Familiarity with information security frameworks and standards such as ISO 27001, NIST 800-53, PCI DSS, etc.
• Knowledge of DevOps Automation (TerraFrom, GitHub, GitHub Actions) and AWS DevOps services such as CodeCommit, CodeBuild, CodeDeploy, CodePipeline
• Knowledge of AWS security services such as Prisma Cloud, SIEM, SOC, Nesus, Crowdstrike or similar services
• Excellent communication and collaboration skills

ZALORA is not obligated to accept resumes from any third parties on behalf of potential candidates for any position (advertised or otherwise) by any means, unless ZALORA has executed a written agreement with such third party and has expressly requested such third party for candidate referrals. Third parties who provide unsolicited resumes of candidate(s) shall waive and forfeit all rights to claim for any placement fees or referral fees in the event that such candidate is eventually engaged or employed by ZALORA or Global Fashion Group.