Kuala Lumpur · Hybrid
DevSecOps Analyst
Role Purpose: Embed security, compliance, and automation into build and release processes so teams can ship fast and safely across all K3 brands and divisions.
Key Responsibilities:
- Implement CI/CD templates with SAST/DAST/SCA and container scanning
- Enforce secrets management (OIDC to Key Vault, no long-lived credentials)
- Define and monitor policy gates for secure code
- Build SBOM generation, image signing, and provenance
- Automate compliance evidence and deployment checklists
Preferable Experience:
- 3+ years in DevOps/DevSecOps with GitHub Actions or Azure DevOps
- Hands-on with CodeQL/OWASP ZAP/Snyk/Trivy/Checkov
- Docker/Kubernetes fundamentals and scripting skills
- Track record of reducing vulnerability backlog and failed deployments
- Experience with supply chain security (Sigstore/cosign)
- You will be a Malay National to be considered
Success Measures:
- 90%+ repos covered by automated security gates
- Critical MTTR < 10 days
- < 5% change failure rate and steadily improving deployment times
Salary Range:
RM 126,000 - 172,000 per year + competitive benefits package included
Location: Kuala Lumpur, Malaysia (Hybrid working model)
- Locations: Kuala Lumpur
- Remote status: Hybrid
- Yearly salary: MYR126,000 - MYR172,000
- Employment type: Full-time
- Employment level: Professionals

About K3 Capital Group
With over 1,200 employees across the Group, 30 offices in the UK, and international bases in Malaysia, Hong Kong, Cyprus, Vietnam, Singapore, and Mauritius
Founded in: 1998
Co-workers: 1400+
Turnover: 70M