DevSecOps
Kuala Lumpur, Malaysia
Technology – Cybersecurity /
Full time /
Hybrid
We’re searching for a proactive and experienced DevSecOps Engineer who thrives on solving complex information security issues and building innovative security processes from the ground up. At Xsolla, you’ll have the chance to implement secure practices, enhance CI/CD pipelines, and collaborate closely with DevOps and Developer teams to ensure our infrastructure and development processes are secure and scalable. You’ll be responsible for automating security measures, driving process improvements, and staying ahead of infrastructure vulnerabilities. If you’re passionate about Linux administration, cloud infrastructure, and implementing cutting-edge security solutions, this is your opportunity to leave your mark in the dynamic world of gaming. Join us and be a key player in securing the future of our digital infrastructure!
RESPONSIBILITIES
- Implement and maintain secure software development lifecycle (S-SDLC) processes.
- Conduct internal audits of the company's infrastructure and perimeter security.
- Develop and automate Infrastructure as Code (IaC) and Policy as Code practices.
- Enhance CI/CD pipelines with robust security measures and tools, including SAST and DAST.
- Collaborate with product development, DevOps, and IT teams to identify vulnerabilities and implement process improvements.
- Research, introduce, and integrate new tools tailored to our infrastructure needs.
- Present and drive process improvement plans for the development teams, influencing secure coding practices.
- Participate in security architecture assessments for new services and support teams in containerizing applications.
- Conduct and develop training events to educate developers on security best practices.
REQUIREMENTS
- Strong expertise in Linux administration and Gitlab CI/CD.
- Hands-on experience with popular CI/CD security tools (SAST, DAST, etc.).
- Familiarity with containerization technologies like Docker and Kubernetes (k8s), with an understanding of concepts such as ingress, pods, and services.
- Knowledge of cloud infrastructure providers (GCP, AWS, Azure) and experience securing cloud environments.
- Ability to configure and debug Nginx—understanding of the difference between proxy_pass and upstream, and how HTTP protocols and TLS/SSL work.
- Knowledge of PHP and its integration within secure pipelines is a plus.
- Ability to collaborate and influence cross-functional teams, particularly DevOps and Developers.
- Familiarity with typical infrastructure attacks and a solid understanding of threats vs. risks.
- Self-starter with strong initiative, ready to experiment with and explore new tools and technologies.
- Excellent communication skills to advocate for security improvements across teams.
- Upper-intermediate oral communication in English or higher.
BENEFITS:
Convenient work tools:
Latest Mac workplaces + additional hardware to make you more effective at work
Google Chat, Gmail, Google Drive, Confluence, Jira, GitLab
Professional growth:
Free training and participation in specialized conferences
Rich knowledge exchange within the company
More perks:
Health insurance
Flexible hours: organize your day according to your needs and sprint & teamwork demands
No dress code
Comfortable and new office environment
ABOUT XSOLLA
Xsolla is a video game commerce company powered by Transaction Engine and Business Engine that helps developers and publishers market, sell, connect, and optimize their games globally. The engines work seamlessly together to solve the complexities of distribution, marketing, and monetization so partners can increase their audience, sales, and revenue. For more information, please visit www.xsolla.com.
PHYSICAL DEMANDS
The physical demands for this position are sitting, standing, bending, lifting, and moving intermittently during working hours. These physical requirements may be accomplished with or without reasonable accommodations.
The duties of this position may change from time to time so the individual and organization can achieve their results. This job description is intended to describe the general level of work being performed. It is not intended to be all-inclusive. Xsolla KL Sdn Bhd takes your privacy very seriously, and will not sell or externally distribute any data received during the hiring process. Pursuant to the Personal Data Protection Act 2010 (“PDPA”), Xsolla KL Sdn Bhd is mindful and committed to the protection of your personal information and your privacy. Please direct any inquiries regarding your data privacy to careers@xsolla.com.
Longevity Opportunity Vision Enjoy the game.
For more vacancies: https://xsolla.com/careers/vacancies