About the Role
This is a hands-on, high-ownership engineering role at the intersection of development, security, and operations. As DevSecOps Engineer, you will own the reliability, automation, and data protection practices of a live, scaling healthcare platform — ensuring engineering teams can ship fast without compromising compliance, privacy, or resilience.
You will design and continuously improve CI/CD pipelines, cloud infrastructure, and security automation, embedding secure-by-design principles across the entire product lifecycle. This role carries real strategic influence: you will participate in architecture reviews, shape the company's DevSecOps culture, and build internal tooling that empowers developers across the organisation.
If you believe security belongs at every stage of the development lifecycle — and you want to prove it — this role was built for you.
Requirements
Must Have
5–9 years of experience in DevOps, Security, or Cloud Engineering roles
Strong hands-on experience with CI/CD, Docker, Kubernetes, and Terraform
Minimum 3–5 years of Azure experience, including IAM, VPCs, and networking
Working knowledge of Python or Bash for automation and scripting
Proven experience integrating security tools into build and deployment pipelines
Familiarity with compliance or regulated environments (healthcare, fintech, or govtech)
Nice to Have
Experience implementing SOC 2, HIPAA, or PDPA controls
Familiarity with FHIR / HL7 data standards or healthcare data interoperability
Exposure to SIEM tools (Splunk, Wazuh) and threat modelling practices
Knowledge of infrastructure cost optimisation and cloud governance
Interest in mentoring engineers on DevSecOps best practices
Responsibilities
◉ CI/CD & Infrastructure Automation
- Build, maintain, and optimise CI/CD pipelines across GitHub Actions, GitLab CI, and ArgoCD
- Automate infrastructure provisioning using Terraform or Pulumi
- Implement blue-green and canary deployment strategies for high availability
- Manage and improve monitoring, alerting, and observability stacks (Grafana, Prometheus, Datadog)
- Collaborate with Full-Stack and Backend engineers on build and release processes
◉ Security Engineering & Compliance
- Integrate SAST/DAST tools and dependency scanning directly into CI/CD pipelines
- Implement container security, secret management, and least-privilege IAM policies
- Conduct regular vulnerability assessments and maintain incident response runbooks
- Work with compliance teams to meet HIPAA, PDPA, and ISO 27001 requirements
- Support data protection, encryption, and audit logging requirements
◉ Cloud & Infrastructure Operations
- Manage cloud resources on Azure with a focus on scalability and cost optimisation
- Design and implement backup, disaster-recovery, and high-availability strategies
- Enhance networking, service mesh, and API gateway configurations
- Support production monitoring, capacity planning, and environment management
◉ Collaboration & Enablement
- Partner with Infrastructure, Backend, and QA teams to embed security into every release
- Build internal tooling and automation that empower developers to move faster and safer
- Participate in architecture reviews and security design discussions
- Champion a DevSecOps culture — shifting security left across the development lifecycle
Salary and Benefits
- Competitive compensation at MYR 20,000 per month, commensurate with experience
- Hybrid work model — flexibility to work where you are most effective
- Hands-on ownership of platform security and infrastructure from day one
- Work with a modern tech stack — Nuxt (Vue 3), Python FastAPI, and cloud-native microservices on Azure
- Engineering culture that values autonomy, security-first thinking, and mission impact
- Direct exposure to healthcare compliance frameworks (HIPAA, PDPA, ISO 27001) at scale
- Regional growth exposure — your work will directly protect and scale a healthcare platform across Southeast Asia
About the Company
This company is a next-generation healthtech organisation redefining how private healthcare is delivered, coordinated, and experienced across Southeast Asia. Founded on the mission to make private healthcare accessible, affordable, and accountable, this company operates a purpose-built, technology-enabled platform that bridges patients, providers, payors, and policymakers through intelligent and interoperable systems.
Backed by significant institutional investment, the company has built one of the largest multi-specialty private healthcare ecosystems in the region — spanning over 13 medical specialties — supported by a proprietary data-driven platform. The engineering team operates with a culture of autonomy, quality, and mission-driven impact, building infrastructure where security and reliability are not optional — they are foundational.
