
DevSecOps Engineer

Requirements

Key Responsibilities

  1. Endpoint, Email & SaaS Protection
    • Administer Microsoft Defender for Endpoint/Identity/Office/Cloud Apps; maintain Trend Micro Cloud App Security (where applicable).
    • Design, deploy, and maintain AV/EPP/EDR and XDR policies (real-time and tamper protection, attack surface reduction (ASR) rules, ransomware protections).
    • Maintain sensor health & coverage; drive remediation for unhealthy/missing agents via Intune/SCCM.
    • Administer anti-phishing, Safe Links/Attachments, and BEC/impersonation protections tuned for SDP business flows (e.g., tenders, vendor onboarding).
  2. Data Protection
    • Operate endpoint/M365 DLP (policies, labels, monitoring).
    • Enforce device encryption (BitLocker), device/USB control, and application control with governed exceptions.
  3. Vulnerability & Patch Operations
    • Run authenticated scanning across endpoints, servers, and site devices; prioritize via asset criticality and exposure scores (e.g., Secure Score/Defender Exposure Score).
    • Coordinate remediation SLAs with owners; track through ITSM and verify closure.
  4. Investigations & Digital Forensics
    • Lead investigations into malware outbreaks, suspicious XDR activity, email/BEC attempts, DLP events, account compromise, policy breaches, and third-party incidents impacting SDP.
    • Work hand-in-hand with the SOC for containment/eradication, evidence handling, RCA, and post-incident improvements.
  5. Network Security & Access Controls
    • Operate NAC (802.1X, guest/corporate segmentation); close gaps allowing unmanaged/personal devices.
    • Partner with IAM/PAM to enforce least privilege, Conditional Access, and compliant-device requirements.
  6. VAPT Program Management
    • Plan, coordinate, and execute SDP’s risk-based VAPT program across internet-facing portals, core business applications (e.g., IFCA), cloud (Azure/M365), network/security controls (NAC/SD-WAN), and selected site/IoT footprints—driving timely remediation and measurable risk reduction.
    • Manage vendor testing, log findings in ITSM, and drive retests to closure.


Scope of Technology coverage

  • Endpoint protection: Microsoft Defender for Endpoint (EPP/EDR), Trend Micro (Apex One / Cloud App Security).
  • Email & SaaS security: Microsoft Defender for Office 365; Trend Micro Cloud App Security (if applicable).
  • Data protection: M365 DLP/labels, BitLocker, device/USB control, WDAC/AppLocker.
  • Vulnerability & posture: Tenable/Nessus (or equivalent), Secure Score/Defender Exposure Score, Intune/SCCM compliance.
  • Privileged access: a least-privilege, just-in-time (JIT) model for privileged identities (cloud, on-prem, applications, databases, network, site/IoT), established and operated by this role.
  • Network adjuncts: NAC integrations (802.1X posture, unmanaged device quarantine), secure web access/SWG (where applicable).
  • Management & plumbing: Intune/SCCM/GPO, Freshdesk ITSM, Sentinel playbooks, license portals.

Minimum Qualifications

  • Bachelor’s in Cybersecurity/IT or equivalent experience.
  • 2–5 years in SOC/IR, XDR/SIEM operations, EDR, email security, and network security (NAC/SD-WAN familiarity preferred).
  • Hands-on with Microsoft Sentinel & Defender suite, Azure Cloud, and M365 security.

Certificates (nice to have)

  • Microsoft SC-200 / SC-300 / SC-400, AZ-500
  • CompTIA Security+, CySA+, PenTest+
  • GIAC (GCIA, GCED, GCIH) or equivalent

