Summary of Job Responsibilities
DevOps is responsible for integrating developer experience, infrastructure and technology operations support to enhance software development and deliver solutions inclusive of gaming related systems to achieve Sands business objectives.
Job Responsibilities
The primary responsibility of the AppSec Engineer is to develop, manage and maintain the security, administration, configuration, troubleshooting, automation of security analysis of solutions within Sands.
The DevOps function will deploy and support cloud and on-premises infrastructure and services to meet the requirements of business or IT initiatives. The team will develop, maintain, and execute infrastructure as code scripts and playbooks to automate deployment and maintenance tasks to ensure the availability, reliability, and efficient operation of the enterprise systems.
The AppSec Engineer will be responsible for the evolution of application security functions and services. The position demands someone who is highly technically competent, detail oriented, and driven to stay current with evolving technologies.
The DevOps team will work closely with the Corp IT and Corp Cyber Security leadership in coordinating the strategy, architecture and security initiatives and all auditing activities across all team activities. A key part of the position is supporting compliance efforts related to secure SDLC processes and infrastructure.
All duties are to be performed in accordance with departmental and Sands’ policies, practices, and procedures.
JOB REQUIREMENTS
Education & Certification
- Bachelor's degree required.
Eligibility
- Evidence of right to work in local jurisdiction (Singapore)
- Ability to obtain jurisdictional gaming license as required (GRA)
Years of Experience
- 8 -10 years of relevant work experience
Communication Skills
- Ability to effectively communicate with both technical and non-technical peers and business stakeholders, as well as executive level management.
- Ability to communicate clearly in a multicultural, multinational environment and in cross-functional matrixed teams.
- Exceptional verbal and written communication skills
- Ability to read Chinese a plus.
- Presentation skills and an ability to engage audiences at the highest levels of the organization.
Business Acumen and Analytical Skills
- Understanding of business processes and basic corporate finance, management, and accounting principles
- Deep understanding of hospitality and gaming business processes and compliance constraints
- Demonstrates strategic thinking in a highly complex environment.
- Exceptional analytical, statistical, quantitative, and deduction skills
- Leads, influences, and mentor’s others.
- Demonstrates pragmatic judgment.
Behavioral Traits
- Excellent interpersonal skills
- Demonstrates a strong attention to detail.
- Ability to build relationships and work well across functions.
- Ability to work independently, self-manage, and engage collaboratively with a team.
- Demonstrates the capacity to manage changing priorities and ambiguity.
- Establishes goals, monitors progress toward them, and ultimately achieves these goals.
- Retains objectivity and proper understanding of a problem or situation when placed under conditions of stress.
- Willingness to travel internationally.
Security and Privacy
- Knowledge of secure coding best practices and security framework standards: NIST, COBIT, ISO.
- Experience architecting solutions that comply with compliance regulations such as: PCI, GLBA, SOX, Basel III
- Experience implementing controls for privacy legislation such as: HIPAA, COPPA, FCRA, GLB and GDPR
Technology Skills Requirements
- Proven experience of working in AppSec within DevOps or DevSecOps groups
- Experience in developing processes that produce artifacts that support security and compliance requirements.
- Ability to design and implement secure automation solutions for development, testing, and production environments.
- Experience in supporting multiple agile teams across various platforms, environments, and instances.
- Experience of implementing security best practices and configuration management
- Ability to employ infrastructure-as-code to increase automation, scalability, and reliability.
- Experience in cloud based containerized environments (Kubernetes, Docker)
- Deep technical experience of securing, monitoring, and maintaining infrastructure for in-house developed applications.
- Expertise in 3rd party library security scanning, static code scanning, code hygiene, dynamic code scanning,
- Experience in leading the organisation's application security tooling, problem intake and remediation process.
- Ability to lead the remediation of application vulnerability screening and results of penetration testing.
- Knowledge of container security, AWS EKS, Azure AKS, Helm
- Knowledge of IAM, cloud trail, guard duty, WAF, SDLC practices, basic scripting skills
- Experience with common programming and scripting languages, such as Golang, Ruby, C/C++, C#, Python, JavaScript, Bash
- Latent desire and/or curiosity in related domain like software development, front-end engineering, security, or project management
- Familiar with designing solutions to complex technical issues and working with other technology or cyber security experts, including architects and vendors.
- Resolves any technical problems discovered by DevOps, development, or testers and any internal clients.
- Provide deep subject matter expertise across multiple disciplines including IT infrastructure, security, business application and system integration.
- Familiar with cloud offerings including, but not limited to, Alibaba, Amazon Web Services, Azure, and Google Cloud Platform.
- Knowledge of Agile software development principles, Continuous Integration and Deployment (CICD), and DevOps
- Knowledge of software vulnerabilities and remediation (OWASP/SANS CWE)
- Experience implementing identity strategies and application integrations including LDAP, Kerberos, SAML, OAuth, OpenID Connect
- Experience in developing secure configurations across Integration APIs, GraphQL and deployment on API Gateways such as Azure APIM GW, MuleSoft API GW etc.
- Ability to perform technical due diligence on platforms and solutions when limited or no documentation is available.
- Ability to grasp wide range of technologies from IOT, Edge, Datacenter, and cloud to offer solutions.
Marina Bay Sands is committed to building a diverse, equitable and inclusive workforce, providing equal opportunities as we grow our talent base to match our growth ambitions in Singapore. Our employees are committed to adhere to and abide by all rules, regulations, policies and procedures, including the rules of conduct and business ethics of the Company.