Kuala Lumpur · Hybrid
DevSecOps Analyst
Role Purpose: Embed security, compliance, and automation into build and release processes so teams can ship fast and safely across all K3 brands and divisions.
Key Responsibilities:
- Implement CI/CD templates with SAST/DAST/SCA and container scanning
- Enforce secrets management (OIDC to Key Vault, no long-lived credentials)
- Define and monitor policy gates for secure code
- Build SBOM generation, image signing, and provenance
- Automate compliance evidence and deployment checklists
Preferable Experience:
- 3+ years in DevOps/DevSecOps with GitHub Actions or Azure DevOps
- Hands-on with CodeQL/OWASP ZAP/Snyk/Trivy/Checkov
- Docker/Kubernetes fundamentals and scripting skills
- Track record of reducing vulnerability backlog and failed deployments
- Experience with supply chain security (Sigstore/cosign)
- You will be a Malay National to be considered
Success Measures:
- 90%+ repos covered by automated security gates
- Critical MTTR < 10 days
- < 5% change failure rate and steadily improving deployment times
Salary Range:
RM 126,000 - 172,000 per year + competitive benefits package included
Location: Kuala Lumpur, Malaysia (Hybrid working model)
- Locations: Kuala Lumpur
- Remote status: Hybrid
- Employment type: Full-time
- Employment level: Professionals

About K3 Capital Group
With over 1,000 employees across the Group, 30 offices in the UK, and international bases in Cyprus, Singapore, and Mauritius
Founded in: 1998
Co-workers: 1000+
Turnover: 70M