DevSecOps Engineer

Job description

About SM InvestmentsAt SM Investments, we shape sustainable growth stories that move industries and uplift communities. As one of the Philippines’ leading conglomerates, we build opportunities across retail, banking, and property guided by excellence, integrity, and innovation. Key ResponsibilitieAutomate security controls within CI/CD pipelines (Jenkins, GitLab, CircleCI, GitHub ActionsSecure cloud environments (AWS, Azure, GCP) and container platforms (Docker, Kubernetes)Integrate security testing tools (SAST, DAST, SCA) such as Snyk, SonarQube, Checkmarx, or FortifyImplement Infrastructure as Code (IaC) security using Terraform and CloudFormationEnforce IAM best practices, RBAC, and federated identity (SAML, OAuth, Cognito)Apply security frameworks (ISO 27001, NIST, CIS) and compliance automationPerform threat modeling, risk assessments, and vulnerability managementSecure DevOps toolchains, artifact repositories (JFrog, Nexus), and source control systemImplement Zero Trust principles and cloud-native security controlsMaintain audit trails, enforce policies (OPA, AWS Config), and ensure governance compliance Technical CompetenciesStrong expertise in DevSecOps practices and secure SDLCDeep knowledge of cloud and container securityHands-on experience with IaC security and automationFamiliarity with Kubernetes security (RBAC, network policies, secrets management)Proficiency in security tools and automation frameworksExperience with compliance-as-code tools (Chef InSpec, OpenSCAP) Preferred ExperienceProven experience in DevSecOps within platform engineering environments, building secure and scalable developer platformsHands-on expertise with Terraform, including securing Terraform modules, state management, and IaC pipelinesExperience designing and securing internal developer platforms (IDPs) or platform-as-a-service (PaaS) environmentsStrong background in automating security controls at scale across cloud-native architecturesExperience with Cloud Security Posture Management (CSPM) tools such as Prisma Cloud or Dome9Exposure to enterprise-grade security architecture and governance frameworks