DevSecOps Engineer

- Singapore
Technology

Job description

About WhiteCoat

WhiteCoat is a Singapore-headquartered omnichannel provider of integrated health and wellness services that serves as the first and single touchpoint for all care needs in Southeast Asia.

Since launching in 2018, WhiteCoat’s digital platform powers a wide range of services including tele- and in-person consultations, as well as medication fulfilment and diagnostic testing, across primary, specialist and allied care. With a focus on the B2B space, WhiteCoat has forged strategic partnerships with the region’s leading insurers, corporates and care providers, to provide accessible and affordable high-quality care to its users.

The Group currently has offices in Singapore, Indonesia, Malaysia and Vietnam. For more information on WhiteCoat, please visit https://whitecoat.global.

What you will be doing

We are looking for a DevSecOps Engineer to help build, secure, and automate WhiteCoat’s digital infrastructure while maintaining our ISO 27001-certified Information Security Management System (ISMS). As a DevSecOps Engineer, you will work closely with our engineering, QA, and compliance teams while being mentored by senior technical leads. This role reports to Director, Technical Programme (WhiteCoat’s DevSecOps Lead).

On a day-to-day basis, this means you will:

Maintain and optimise CI/CD pipelines for microservices, mobile apps, and infrastructure-as-code (IaC) using GitHub Actions, GitLab CI, Terraform, and Helm.
Automate AWS environment provisioning and patching across dev, staging, and production, enforcing least privilege through IAM and policy management.
Monitor and respond to system alerts via CloudWatch, GuardDuty, and Wazuh; lead incident response calls, conduct post-mortems, and refine response playbooks.
Enforce change management controls and safe deployment practices in line with internal security policies.
Maintain and continuously improve our ISMS, including ISO 27001 documentation, risk treatment plans, and corrective action tracking.
Review and update security policies such as Access Control, Cryptography, MDM, and Third-Party Risk on a regular basis.
Conduct periodic risk assessments, vendor reviews, and internal audits; prepare for external ISO surveillance audits.
Lead quarterly security awareness training and deliver onboarding briefings to new team members.
Prepare and present monthly security KPIs and audit updates to technical and business leadership.

Our Benefits

Make a Real Impact: Opportunity to contribute to a leading digital health company's rapid growth.
Fast-paced Start-up Environment: Experience an environment where you get to own and make tangible impact without bureaucracy getting in the way of rapid decision-making.
Great Team: Collaborate with intelligent, friendly, and supportive professionals from diverse backgrounds.
Hands-on Learning & Growth: Dual-track mentorship in DevOps and InfoSec, with exposure to a real-world ISO-certified environment.
Competitive Compensation & Benefits: Competitive compensation and performance-based bonus. Holistic health insurance for your peace of mind for both in-patient and out-patient coverage.

How to apply

If you believe you have what it takes for this role, click ‘Apply’ and join us on our journey to make a positive impact on the lives of people through innovative healthcare solutions!

Job requirements

What we are looking for

Required:

Experience with AWS core services (e.g., EC2, VPC, IAM, S3, RDS).
Proficiency with Terraform or CloudFormation for infrastructure-as-code.
Familiarity with Linux systems and scripting in Bash or Python.
Working knowledge of ISO 27001 controls, and awareness of PDPA/GDPR principles.
Strong communication skills—especially for writing post-incident reports, audit findings, and policy documentation.

Good to have:

Diploma or Bachelor’s degree in Computer Science, Information Security, Engineering, or a related discipline.
0–3 years of experience in DevOps, SysAdmin, or Security roles (internships included). We are open to fresh graduates with relevant security experiences.
AWS Cloud Practitioner certification, or ability to obtain it within 6 months of joining.
Proficiency with Docker/Kubernetes.
Experience with SIEM tools such as Wazuh, ELK, and Splunk.
Experience with vulnerability management (e.g. SCA, container scanning, Nessus).
CompTIA Security+, AWS Security Specialty, or ISO 27001 Lead Implementer/ Auditor certs.

My information

Fill out the information below

Full name

Email address

Phone number

CV or resume

Upload your CV or resume file

Upload a file or drag and drop hereAccepted files: PDF, DOC, DOCX, JPEG and PNG up to 50MB.

Cover letter

Upload your cover letter

Upload a file or drag and drop hereAccepted files: PDF, DOC, DOCX, JPEG and PNG up to 50MB.

Questions

Please fill in additional questions

Do you require any work pass sponsorship?

Yes

What is your expected monthly salary in S$?

What is your current monthly salary in S$?

In a sentence or two, share with us why do you want to be part of WhiteCoat?

Please provide a link to your Github profile, if any:

If you are referred to this role by someone in WhiteCoat, please provide us with the person's full name.