NCS is a leading AI Tech Services company. With a 15,000-strong team across the Asia Pacific, NCS scales its platforms and capabilities to provide clients with greater agility and AI expertise across a range of Industries. Embracing a strong ecosystem of global partners, NCS transforms technology services delivery combining AI with digital resilience to drive real business impact. NCS is a subsidiary of the Singtel Group.

We’re looking for a DevSecOps Engineer to own the security, reliability, and delivery of our Azure platform and Kubernetes workloads. You’ll be the hands-on technical engineer for secure-by-default infrastructure—automating everything-as-code, and partnering with product teams to do deployment and enabling fast shipping of codes without trading off security or resilience.

Responsibilities:
Platform engineering (Azure): 

• Build and evolve Azure Landing Zones, Management Group hierarchy, subscription vending, and policy-as-code guardrails using Azure Policy or equivalent tools.

Kubernetes (AKS):

• Design & operate private AKS clusters (Azure CNI/Calico etc), implement Pod Security Standards, network policies (Calico/Cilium), workload identity (Entra OIDC/Workload Identity), and secure ingress/egress.

CI/CD & supply chain:

• Standardize pipelines in GitHub Actions / Azure DevOps; enforce SBOM, image scanning, cosign signing/verification, provenance (SLSA-aligned) and immutable deploys (GitOps with Argo CD/Flux).

Identity & secrets:

• Implement Entra ID RBAC & PIM, Managed Identities, Key Vault / Secrets Store CSI, and secret rotation practices.

Observability & IR:

• Establish Azure Monitor / Log Analytics baselines, tracing, SLOs, and actionable alerts; integrate with Microsoft Sentinel; lead incident response and postmortems.

Cloud security posture:

• Drive Defender for Cloud coverage, vulnerability management (containers, hosts, code), and automated remediation.

Networking & data protection: 

• Hub-and-spoke or vWAN, Private Link/Endpoints, Private DNS, Firewall/NAT Gateway egress control; encryption at rest & in transit, KMS integrations.

Resilience & DR:

• Backups (RSV/Velero), multi-region patterns, chaos exercises, capacity planning; codify DR runbooks and perform tests.

FinOps & compliance:

• Implement tagging/budgets, right-sizing, Reservations/Savings Plans; map controls to CIS/NIST/ISO and produce audit evidence from pipelines.

Coaching & enablement:

• Pair with product teams, review designs/PRs, write reference modules/templates, and uplift platform literacy across the org.

Security Hardening:

• Enable hardening for respective components, including but not limited to OS hardening, Application Hardening, Azure Services hardening.

• 7+ years in DevOps/SRE/Platform Engineering with 3+ years on Azure and 2+ years operating Kubernetes in production.
• Proven delivery of Azure Landing Zones or equivalent enterprise Azure foundations, expressed as Terraform or Bicep modules.
• Strong with GitHub Actions/Azure DevOps, artifacts, environments, approvals, reusable workflows.
• Hands-on with container runtime security & policy: OPA/Gatekeeper or Kyverno, Pod Security restricted, read-only root FS, capability drops, seccomp/AppArmor.
• Network security in K8s: NetworkPolicy default-deny, ingress controllers (Nginx/AGIC), egress control, TLS everywhere, mTLS preferred.
• Image lifecycle: private registries (ACR), pull-through caches, cosign signing & admission verification, Nessus scanning.
• Observability: Azure Monitor/Logs, DCRs, dashboards, SLOs, alert routing to ITSM; experience integrating with Sentinel or enterprise SIEM.
• Infra & config as code at scale; linting/testing/policy gates; change automation and drift detection (GitOps).
• Solid Linux fundamentals, networking, PKI, and incident response.

We are driven by our AEIOU beliefs—Adventure, Excellence, Integrity, Ownership, and Unity—and we seek individuals who embody these values in both their professional and personal lives. We are committed to our Impact: Valuing our clients, Growing our people, and Creating our future.  

Together, we make the extraordinary happen.   

Learn more about us at ncs.co and visit our LinkedIn career site. 

We are driven by our AEIOU beliefs—Adventure, Excellence, Integrity, Ownership, and Unity—and we seek individuals who embody these values in both their professional and personal lives. We are committed to our Impact: Valuing our clients, Growing our people, and Creating our future.

Together, we make the extraordinary happen.

Learn more about us at ncs.co and visit our LinkedIn career site.

Scam Alert

We are aware of fraudulent job offers and impersonations of NCS recruiters. Phishing emails using convincing-looking but fake addresses are also commonly used to trick you into thinking that they come from official NCS sources.

Please note that all official communications from NCS Group will only be sent from verified corporate email addresses. Always check that the sender’s email address ends with the genuine NCS domain, @ncs.com.sg and beware of extra letters, symbols or misspellings. When in doubt, verify the sender’s identity by contacting us at [email protected].