DevSecOps Engineer
Two95 International Inc.
Posted: March 24, 2026
Quick Summary
A DevSecOps Engineer is responsible for identifying, mitigating, and preventing security vulnerabilities in an organization's Application Programming Interfaces (APIs) throughout the software development lifecycle (SDLC).
Job Description
We are looking for a DevSecOps Engineer with 6 to 8 years of experience.
As a DevSecOps Engineer, you will be responsible for identifying, mitigating, and preventing security vulnerabilities in an organization's Application Programming Interfaces (APIs) throughout the entire software development lifecycle (SDLC).
Requirements:
Proficiency in programming languages such as Python, Java, JavaScript, or Go, to understand and review code effectively.
Direct hands-on experience developing and securing web APIs and web applications (REST, SOAP, gRPC).
Direct hands-on experience with security testing of web services and web APIs.
Experience with API Management solutions.
Knowledge of application threat modelling, and experience remediating findings against the OWASP API Security Top 10, the CIS Critical Security Controls, and the CWE/SANS Top 25, is a plus.
Responsibilities:
Conduct design reviews and threat modelling exercises for new APIs and features to proactively identify potential attack vectors and weak points before development begins.
Perform ongoing governance and follow-through with API owners to ensure implementation of threat-based requirements.
Support and consult with development and engineering teams in the areas of application security.
Develop, deliver and keep up-to-date API security standard requirements and design patterns.
Validate implementation of API security controls against outputs of vulnerability testing tools to enable auditability and verifiability.
Serve as an API security technical advisor to application teams.
Experience working with AWS or other cloud environments (development/architecture)
Experience with cloud and API security standards (OWASP API Security Top 10, CIS Critical Security Controls).
Perform security risk assessments for all proposed application-related (APIs) changes.
Examine source code for security flaws, insecure patterns, and hardcoded credentials, providing actionable feedback and remediation guidance to development teams.
Assist in the investigation and analysis of security incidents related to applications and APIs, helping to identify the root cause and implement remediation plans.
Develop and deliver secure coding guidelines and training programs for developers to foster a security-aware culture within the organization.
Enhance security monitoring and analyse API traffic logs for anomalies to detect and respond to real-time threats and business logic abuse.
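The log-analysis responsibility above is the kind of thing this role is expected to automate. As an added illustration, not part of the job posting or of any Two95 tooling, the following Python script scans constructed API access-log lines for one common business-logic abuse pattern: a single subject walking through many distinct object IDs on the same resource, mostly getting denied (probing for a broken object-level authorization hole). The log format, field names and thresholds are assumptions chosen for the example.

```python
"""Flag object-ID enumeration in API access logs (added example; format is assumed)."""
import re
from collections import defaultdict

# Assumed log format: "<timestamp> sub=<token subject> <METHOD> <path> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sub=(?P<sub>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)
# Numeric path segments are treated as object identifiers.
ID_RE = re.compile(r"/(\d+)(?=/|$)")

# Constructed sample: alice uses her own order; mallory sweeps IDs 1001..1008.
LOG_LINES = [
    "2026-03-24T10:00:01Z sub=alice GET /api/v1/orders/1001 200",
    "2026-03-24T10:00:05Z sub=alice GET /api/v1/orders/1001/items 200",
    "2026-03-24T10:00:09Z sub=alice GET /api/v1/health 200",
    "2026-03-24T10:01:00Z sub=mallory GET /api/v1/orders/1002 200",
    "2026-03-24T10:01:01Z sub=mallory GET /api/v1/orders/1001 403",
    "2026-03-24T10:01:01Z sub=mallory GET /api/v1/orders/1003 403",
    "2026-03-24T10:01:02Z sub=mallory GET /api/v1/orders/1004 403",
    "2026-03-24T10:01:02Z sub=mallory GET /api/v1/orders/1005 404",
    "2026-03-24T10:01:03Z sub=mallory GET /api/v1/orders/1006 403",
    "2026-03-24T10:01:03Z sub=mallory GET /api/v1/orders/1007 403",
    "2026-03-24T10:01:04Z sub=mallory GET /api/v1/orders/1008 403",
    "garbage line that does not match the format",
]


def parse_line(line: str):
    """Return a dict with subject, method, path template and object IDs, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path = m["path"]
    return {
        "sub": m["sub"],
        "method": m["method"],
        "status": m["status"],
        "template": ID_RE.sub("/{id}", path),  # /api/v1/orders/1001 -> /api/v1/orders/{id}
        "ids": ID_RE.findall(path),
    }


def find_enumerators(lines, min_distinct=5, min_denied_ratio=0.5):
    """Group requests by (subject, method, resource template) and flag sweeps."""
    stats = defaultdict(lambda: {"ids": set(), "total": 0, "denied": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["ids"]:
            continue  # unparseable line or a path with no object ID
        st = stats[(rec["sub"], rec["method"], rec["template"])]
        st["ids"].update(rec["ids"])
        st["total"] += 1
        if rec["status"] in ("401", "403", "404"):
            st["denied"] += 1

    findings = []
    for (sub, method, template), st in stats.items():
        if len(st["ids"]) < min_distinct:
            continue
        ratio = st["denied"] / st["total"]
        # Mostly denied: the caller is probing. Mostly allowed across many
        # foreign IDs: authorization may already be broken, worth a look too.
        kind = "probing" if ratio >= min_denied_ratio else "bulk-access"
        findings.append({
            "sub": sub, "method": method, "resource": template,
            "distinct_ids": len(st["ids"]), "denied_ratio": ratio, "kind": kind,
        })
    return sorted(findings, key=lambda f: -f["distinct_ids"])


if __name__ == "__main__":
    for f in find_enumerators(LOG_LINES):
        print(f)
```

Run against the sample, the only finding is mallory sweeping `GET /api/v1/orders/{id}` (8 distinct IDs, 7 of 8 denied). The "bulk-access" branch is deliberately kept: if the authorization check is missing, the sweep returns 200s and a denial-based rule alone would stay silent, so a many-distinct-IDs-per-subject baseline is needed alongside it.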
Must-Have Skills:
In-depth knowledge of REST, GraphQL, SOAP, and authentication mechanisms like OAuth 2.0, OpenID Connect (OIDC), and JWT.
Expertise in identifying and mitigating top API threats (broken object-level authorization, injection, security misconfiguration), using DAST/SAST scanners alongside API testing tooling such as Postman, Burp Suite, and Swagger/OpenAPI.
Proficient in scripting languages, primarily Python or Go, for automating security testing and developing security tools.
Understanding cloud infrastructure (AWS/Azure/GCP) security, container security (Kubernetes/Docker), and API gateways.
Ability to perform threat modeling (STRIDE) and design secure APIs, including encryption (TLS), rate limiting, and input
Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods.
Sound knowledge of all procedures, standards, and regulations for authorization and authentication, applied cryptography, and security vulnerabilities.
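The skills list above names broken object-level authorization as a top API threat and JWT as the expected bearer format. As an added example, not code from the job posting or from Two95, here is the defect and its fix side by side in Python: both handlers validate an HS256 JWT (a small verifier is included so the script runs offline, standing in for the OAuth 2.0 / OIDC provider), but only the hardened one checks that the resolved object belongs to the token subject. The secret, the scope name and the order records are constructed for the example.

```python
"""Broken vs. enforced object-level authorization on a JWT-protected API (added example)."""
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret; a real service loads this from a secret store.
HS256_SECRET = b"demo-secret-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(sub: str, scope: str, ttl: int = 300) -> str:
    """Issue an HS256 JWT; plays the role of the identity provider in this demo."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "scope": scope, "exp": int(time.time()) + ttl}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(payload).encode())}"
    sig = hmac.new(HS256_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(token: str) -> dict:
    """Check alg, signature and expiry; return the claims or raise PermissionError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise PermissionError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":  # reject "none" and key-confusion variants
        raise PermissionError("unexpected alg")
    expected = hmac.new(HS256_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise PermissionError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if claims.get("exp", 0) < time.time():
        raise PermissionError("token expired")
    return claims


# Constructed data store: order id -> record with its owner.
ORDERS = {
    "1001": {"owner": "alice", "total": 42.0},
    "1002": {"owner": "bob", "total": 17.5},
}


def get_order_vulnerable(token: str, order_id: str) -> dict:
    """BOLA: authenticates the caller, then returns whatever ID was asked for."""
    verify_token(token)
    return ORDERS[order_id]


def get_order_hardened(token: str, order_id: str) -> dict:
    """Object-level authorization: scope check, then ownership check on the object."""
    claims = verify_token(token)
    if "orders:read" not in claims.get("scope", "").split():
        raise PermissionError("missing scope")
    order = ORDERS.get(order_id)
    # One answer for "does not exist" and "not yours", so IDs cannot be enumerated.
    if order is None or order["owner"] != claims["sub"]:
        raise PermissionError("not found")
    return order


if __name__ == "__main__":
    alice = mint_token("alice", "orders:read")
    print("vulnerable handler leaks bob's order:", get_order_vulnerable(alice, "1002"))
    try:
        get_order_hardened(alice, "1002")
    except PermissionError as e:
        print("hardened handler refuses:", e)
```

Two details matter in review. The ownership comparison uses the `sub` claim from the verified token, never a user ID supplied in the request, and the hardened handler returns the same error for a missing object and a foreign one, which is the response shape the enumeration detector in the monitoring section relies on seeing.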