Role Purpose: Embed security, compliance, and automation into build and release processes so teams can ship fast and safely across all K3 brands and divisions.

Key Responsibilities:

• Implement CI/CD templates with SAST/DAST/SCA and container scanning
• Enforce secrets management (OIDC to Key Vault, no long-lived credentials)
• Define and monitor policy gates for secure code
• Build SBOM generation, image signing, and provenance
• Automate compliance evidence and deployment checklists

Preferable Experience:

• 3+ years in DevOps/DevSecOps with GitHub Actions or Azure DevOps
• Hands-on with CodeQL/OWASP ZAP/Snyk/Trivy/Checkov
• Docker/Kubernetes fundamentals and scripting skills
• Track record reducing vulnerability backlog and failed deployments
• Experience with supply chain security (Sigstore/cosign)
• You will be a Malay National to be considered

Success Measures:

• 90%+ repos covered by automated security gates
• Critical MTTR < 10 days
• < 5% change failure rate and steadily improving deployment times

Salary Range:

RM 126,000 - 172,000 per year + competitive benefits package included

Location: Kuala Lumpur, Malaysia (Hybrid working model)