Global Fashion Group

Tóm tắt công việc

Global Fashion Group is the leading fashion and lifestyle destination in growth markets across LATAM, SEA and ANZ. From our people to our customers and partners, we exist to empower everyone to express their true selves through fashion. Our three e-commerce platforms: Dafiti, ZALORA and THE ICONIC connect an assortment of international, local and own brands to over 800 million consumers from diverse cultures and lifestyles. GFG’s platforms provide seamless and inspiring customer experiences from discovery to delivery, powered by art & science that is infused with unparalleled local knowledge. As part of the Group’s vision is to be the #1 online destination for fashion & lifestyle in growth markets, we are committed to doing this responsibly by being people and planet positive across everything we do.

THE TEAM

At GFG, Technology is core to long-term success and is a crucial enabler of a great Customer Experience. We are a mix of experts in fashion, logistics, data analytics, marketing, and design, guided by business consultants and tech geniuses – everyone contributes to the success of GFG.

We’re looking for a DevSecOps Engineer to work closely with team THE ICONIC in Australia.

You will be a part of THE ICONIC’s growing Security team, and will be responsible for helping continuously improve the overall security landscape for THE ICONIC. You will be responsible for uplifting THE ICONIC’s teams by bringing security seamlessly into their pipeline. You will work closely with our stakeholders to enhance all aspects of THE ICONICs cybersecurity practices as they work to implement the changes you recommend. 

SCOPE OF ROLE

• Participate in security audits on cloud infrastructure environments
• Create baseline of THE ICONIC’s security status
• Partner with engineering and security teams to add security to their delivery pipelines
• Design and develop automation solutions for application build and deployment
• Actively document all activities and participate in peer review for code and documentation
• Refine and enhance the edge-based security tools
• Drive the automated security testing into all CI/CD pipelines
• Security monitoring, incident response and reporting

• Experience in at least one Public Cloud (AWS or Azure or GCP)
• Experience integrating crucial security tasks into CI/CD pipelines.
• Experience working with microservices and serverless tech architectures
• Experience with Kubernetes/Docker   

Ways to stand out from the crowd

• ​​Can perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change. 
• Experience performing static and dynamic code analysis (SAST/DSAT)
• Experience building/managing continuous compliance monitoring solutions.
• Experience designing/maintaining SIEM solutions
• Experience with secret management design and implementation
• Exposure to Incident Management approaches
• Background coding with Java, Python or Node.js
• Experience and familiarity with NIST, PCI, et. al. frameworks