Devsecops New

**Company** : STS
- **Deadline** : 31-12-2025

**Level** : Professional

**Location** : Ha Noi
- **Number of Headcount** : 2

**Number of direct reports** : 2

**POSITION OVERVIEW**

We are looking for a **DevSecOps Engineer** who will be responsible for building, securing, and optimizing the cost of AWS infrastructure, while ensuring compliance with security standards such as **ISO 27001**.
This position serves as a bridge between **Development - Operations - Security**, helping the system achieve high efficiency, safety, and cost-effectiveness.

**JOB DESCRIPTION**

**CI/CD & Automation**
- Design, implement, and maintain CI/CD pipelines (GitLab CI, Jenkins, GitHub Actions, ArgoCD).
- Integrate security checks (SAST, DAST, SCA, container scanning) into the pipeline.
- Build automated build/deployment processes with safe rollback and change control mechanisms.
- Manage infrastructure using Infrastructure as Code (Terraform, Ansible, CloudFormation).

**Security**
- Integrate security into the software development lifecycle (Shift-left security).
- Manage secrets, credentials, and certificates (Vault, AWS Secrets Manager).
- Implement and monitor security policies for containers/Kubernetes (NetworkPolicy, PodSecurityPolicy, Image Signing).
- Collaborate with the Security team to remediate vulnerabilities and ensure compliance with OWASP, CIS Benchmark, and ISO 27001:2022.
- Support preparation of evidence and logs for internal and third-party audits.

**Network Security**
- Design and secure the VPC layer, subnets, routing, security groups, NACLs, VPN, and load balancers (ALB/NLB).
- Configure WAF, IDS/IPS, and monitor network traffic (GuardDuty, VPC Flow Logs, CloudTrail).
- Manage firewall rules and network segmentation following Zero Trust or Defense-in-Depth models.
- Ensure systems meet requirements for network isolation, DDoS protection, TLS encryption, and secure connectivity across environments.

**AWS Infrastructure & Cost Optimization**
- Monitor and analyze AWS costs, propose optimization solutions (right-sizing, autoscaling, spot/reserved instances).
- Manage cost dashboards and set up threshold alerts (AWS Budgets, Cost Explorer, CloudWatch).
- Optimize storage, networking, and compute resources according to AWS Well-Architected Framework recommendations.
- Balance security, performance, and operational costs effectively

**JOB REQUIREMENT**
- Graduated from a full-time university program majoring in IT or related engineering fields.
- **Proactive security mindset** with strong attention to risk prevention.
- Passionate about **automation** and **cost optimization**, with a drive for continuous improvement.
- Responsible, detail-oriented, and able to **collaborate effectively** with multiple teams (Dev, Infra, Compliance).
- Keeps up to date with the latest **security standards, tools, and threat trends**
- Minimum of 3 years of experience in **DevOps / DevSecOps / Cloud Engineering**.
- Proficient in **AWS** (EC2, ECS/EKS, RDS, S3, IAM, VPC, CloudWatch, GuardDuty, WAF).
- Experience in designing and operating **secure CI/CD pipelines**.
- Strong understanding of **network security**, firewall, VPN, TLS/SSL, DNS, reverse proxy, and load balancing.
- Solid knowledge of **ISO 27001 controls (A.5 - A.18)**, especially related to:

- Access control
- Operations security
- Communications security
- System acquisition, development, and maintenance- Experience in **AWS cost optimization** (Cost Explorer, Compute Optimizer, Budgets, FinOps practices).
- Familiarity with **OWASP Top 10**, **CIS Benchmark**, and **least privilege principles** in cloud environments.
- **Proactive security mindset** with strong attention to risk prevention.
- Passionate about **automation** and **cost optimization**, with a drive for continuous improvement.
- Responsible, detail-oriented, and able to **collaborate effectively** with multiple teams (Dev, Infra, Compliance).
- Keeps up to date with the latest **security standards, tools, and threat trends**
- Experience with **ArgoCD, Vault, SonarQube, Trivy, Prometheus/Grafana**.
- Knowledge of or certifications in **AWS Certified Security / Solutions Architect, CKA/CKAD, ISO 27001 Implementer** are strong advantages.
- Experience working in **multi-account AWS environments** or **eCommerce/microservices** systems.

**WHAT WE OFFER**
- Enjoy full employee benefits including social insurance (BHXH), health insurance (BHYT), trade union membership, annual leave, and performance bonuses according to company policies.
- **14+ days of annual leave** per year.
- Enjoy various welfare programs such as birthday gifts, annual health check-ups, wedding and maternity benefits, and sick leave.
- Receive bonuses on public holidays, Tet, and company events.
- Regular **salary reviews** in accordance with company policy.
- Company **uniforms and gifts** for special occasions and events.
- Clear **career advancement path**, with training and full support for skill development.
- A **creati