Search
Header navigation

DevOps Engineer

OPSWAT
locationHo Chi Minh City, Ho Chi Minh, Vietnam
PublishedPublished: 6/14/2022
Full Time

<div class="content-intro"><p><span class="acronym-highlight">OPSWAT</span>, a global leader in IT, <span class="acronym-highlight">OT</span>, and <span class="acronym-highlight">ICS</span> critical infrastructure cybersecurity, delivers an end-to-end platform that gives public and private sector organizations and enterprises the critical advantage needed to protect their complex networks, secure their devices, and ensure compliance. Over the last 20 years our commitment to innovative technology has earned the trust of more than 1,700 organizations, governments, and institutions globally, solidifying our role in protecting the world’s critical infrastructure and securing our way of life.</p></div><p><strong>The Position</strong></p>
<p>&nbsp;</p>
<ul class="ak-ul" data-local-id="e1fae2e3278e" data-indent-level="1">
<li>
<p data-renderer-start-pos="267" data-local-id="bb5278bb8d20">Join the infrastructure team behind MDaaS — a real-time malware scanning platform handling 30M+ requests/day, built on AWS, Kubernetes, and event streaming.</p>
</li>
<li>
<p data-renderer-start-pos="428" data-local-id="7ecc66903a0b">You'll work in an agile scrum team, owning infrastructure-as-code, CI/CD pipelines, and observability. Security and compliance are first-class requirements, not afterthoughts.</p>
</li>
</ul>
<p><strong>What You Will be Doing</strong></p>
<p>&nbsp;</p>
<ul class="ak-ul" data-local-id="3eed5d16cfad" data-indent-level="1">
<li>
<p data-renderer-start-pos="646" data-local-id="687a2eead4b1">Deploy and maintain workloads on <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">EKS</span></span></span> via ArgoCD — review GitOps PRs, handle sync failures, approve image updates</p>
</li>
<li>
<p data-renderer-start-pos="762" data-local-id="f66cee5d6d6d">Write and update Helm charts / Kustomize overlays across dev / staging / prod</p>
</li>
<li>
<p data-renderer-start-pos="843" data-local-id="8244ed03ba58">Triage alerts from Prometheus / Grafana / Coralogix — root cause analysis, resolve or escalate</p>
</li>
<li>
<p data-renderer-start-pos="941" data-local-id="906450ca5efe">Review and apply Terraform changes — plan, validate, and merge infra PRs (<span data-highlighted="true" data-vc="highlighted-text">EKS</span>, <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">MSK</span></span></span>, ALB, <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">IAM</span></span></span>)</p>
</li>
<li>
<p data-renderer-start-pos="1038" data-local-id="a7fcaf54d01b">Maintain CI/CD pipelines on Bitbucket Pipelines and GitHub Actions — fix broken builds, integrate security scans</p>
</li>
<li>
<p data-renderer-start-pos="1154" data-local-id="f2863e0342cc">Configure and tune <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">KEDA</span></span></span> ScaledObjects for Kafka / RabbitMQ consumers</p>
</li>
<li>
<p data-renderer-start-pos="1226" data-local-id="dc2319b8a950">Triage CVEs from Blackduck / Trivy reports — prioritize <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">CVSS</span></span></span> ≥ 7.0, coordinate patches with dev team</p>
</li>
<li>
<p data-renderer-start-pos="1330" data-local-id="33cdf7e82571">Rotate secrets, verify External Secrets Operator sync, enforce no-hardcoded-credentials policy</p>
</li>
<li>
<p data-renderer-start-pos="1428" data-local-id="bb22700b54b1">Document infrastructure and application changes for engineers and QA</p>
</li>
<li>
<p data-renderer-start-pos="1500" data-local-id="be62d14e5666">Participate in on-call rotation — incident response, post-mortems, runbook updates</p>
</li>
<li>
<p data-renderer-start-pos="1586" data-local-id="e1111952aa61">Research new tools and technologies to address current pain points and improve system reliability, scalability, and security — evaluate, prototype, and propose adoption when appropriate</p>
</li>
</ul>
<p>&nbsp;</p>
<p class="h3 mb-4"><strong>What We Need From You</strong></p>
<p>&nbsp;</p>
<p data-renderer-start-pos="1806" data-local-id="cdaf8bd244fd"><strong data-renderer-mark="true">Education &amp; Background</strong></p>
<ul class="ak-ul" data-local-id="b8cbf1d44655" data-indent-level="1">
<li>
<p data-renderer-start-pos="1832" data-local-id="ee28ecb18b5a">BA/<span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">BS</span></span></span> in Computer Science, Engineering, or equivalent hands-on experience</p>
</li>
</ul>
<p data-renderer-start-pos="1909" data-local-id="622bdf0b2b19"><strong data-renderer-mark="true">Soft Skills</strong></p>
<ul class="ak-ul" data-local-id="27a75f24be9f" data-indent-level="1">
<li>
<p data-renderer-start-pos="1924" data-local-id="423782b6bf52">Strong verbal and written communication in English</p>
</li>
<li>
<p data-renderer-start-pos="1978" data-local-id="37ac4c61ee91">Self-motivated; works well in a fast-paced, collaborative team</p>
</li>
<li>
<p data-renderer-start-pos="2044" data-local-id="4b921ae60f57">Eager to learn new tools and apply them quickly</p>
</li>
<li>
<p data-renderer-start-pos="2095" data-local-id="37691fafb033">Passionate about solving problems in a principled, elegant way</p>
</li>
<li>
<p data-renderer-start-pos="2161" data-local-id="c3059ba67d74">Comfortable both teaching and learning from teammates</p>
</li>
</ul>
<p data-renderer-start-pos="2218" data-local-id="19b9f5781299"><strong data-renderer-mark="true">Cloud &amp; Infra</strong></p>
<ul class="ak-ul" data-local-id="96ea53da65fa" data-indent-level="1">
<li>
<p data-renderer-start-pos="2235" data-local-id="4bf91fb24ef9">AWS hands-on: <span data-highlighted="true" data-vc="highlighted-text">EKS</span>, <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">ECR</span></span></span>, <span data-highlighted="true" data-vc="highlighted-text">IAM</span>/<span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">IRSA</span></span></span>, <span data-highlighted="true" data-vc="highlighted-text">MSK</span>, S3, ALB, VPC, Security Groups</p>
</li>
<li>
<p data-renderer-start-pos="2307" data-local-id="c5ee26e1d040">Terraform: write modules, manage remote state, integrate with CI</p>
</li>
<li>
<p data-renderer-start-pos="2375" data-local-id="d1063a61498d">Kubernetes: <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">RBAC</span></span></span>, ingress, network policies, <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">HPA</span></span></span>, resource tuning — cluster management via Rancher or K9s</p>
</li>
<li>
<p data-renderer-start-pos="2484" data-local-id="fa374ac1f1c9">Helm + Ansible: author charts and playbooks, manage versioning</p>
</li>
<li>
<p data-renderer-start-pos="2550" data-local-id="117684ed002c">Docker: multi-stage builds, image optimization</p>
</li>
<li>
<p data-renderer-start-pos="2600" data-local-id="64a7fb3b6ef7">Linux/Windows systems administration</p>
</li>
</ul>
<p data-renderer-start-pos="2640" data-local-id="e5e963288adc"><strong data-renderer-mark="true">CI/CD &amp; GitOps</strong></p>
<ul class="ak-ul" data-local-id="e17f40d610ba" data-indent-level="1">
<li>
<p data-renderer-start-pos="2658" data-local-id="572c8e175a2b">Bitbucket Pipelines, GitHub Actions, or TeamCity — write and maintain, not just use</p>
</li>
<li>
<p data-renderer-start-pos="2745" data-local-id="45e0c23e3a5f">ArgoCD: sync policy, health checks, rollback</p>
</li>
<li>
<p data-renderer-start-pos="2793" data-local-id="ba15f9a0cf92">PR-based deployments; no direct commits to main/prod</p>
</li>
</ul>
<p data-renderer-start-pos="2849" data-local-id="9d6c902d831a"><strong data-renderer-mark="true">Observability</strong></p>
<ul class="ak-ul" data-local-id="f00f68d78af3" data-indent-level="1">
<li>
<p data-renderer-start-pos="2866" data-local-id="b5de338c9d7a">Prometheus, Grafana, CloudWatch, Elasticsearch — setup and maintain</p>
</li>
<li>
<p data-renderer-start-pos="2937" data-local-id="4da1e8209420">Structured logging, alert routing, dashboard authoring</p>
</li>
</ul>
<p data-renderer-start-pos="2995" data-local-id="af20bac670d5"><strong data-renderer-mark="true">Security</strong></p>
<ul class="ak-ul" data-local-id="110d050ada4a" data-indent-level="1">
<li>
<p data-renderer-start-pos="3007" data-local-id="66995caff70d">Least privilege: <span data-highlighted="true" data-vc="highlighted-text">IAM</span>, <span data-highlighted="true" data-vc="highlighted-text">IRSA</span>, K8s <span data-highlighted="true" data-vc="highlighted-text">RBAC</span> — no wildcard permissions</p>
</li>
<li>
<p data-renderer-start-pos="3073" data-local-id="f9664f0793f8">Secret management: External Secrets / AWS Secrets Manager, zero hardcoded credentials</p>
</li>
<li>
<p data-renderer-start-pos="3162" data-local-id="2c280d366c42">Supply chain: dependency scanning (Blackduck / Snyk / Trivy), <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">CVE</span></span></span> triage by <span data-highlighted="true" data-vc="highlighted-text">CVSS</span> score</p>
</li>
<li>
<p data-renderer-start-pos="3252" data-local-id="9c3ac652ac87">Network segmentation: private subnets, Security Groups, ingress/egress control</p>
</li>
<li>
<p data-renderer-start-pos="3334" data-local-id="9acbb5439334">Working knowledge of ISO/<span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">IEC</span></span></span> 27001 and SOC 2 Type II — access control, audit trail, change management</p>
</li>
<li>
<p data-renderer-start-pos="3439" data-local-id="d05c2ad7a378">Familiar with <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">CIS</span></span></span> Benchmarks for Kubernetes and Linux hardening</p>
</li>
</ul>
<p data-renderer-start-pos="3506" data-local-id="b4fc27e0f6f6"><strong data-renderer-mark="true">Development</strong></p>
<ul class="ak-ul" data-local-id="232dcd9d9475" data-indent-level="1">
<li>
<p data-renderer-start-pos="3521" data-local-id="b4e91db0ab25">Python and/or Go — scripting, tooling, automation</p>
</li>
<li>
<p data-renderer-start-pos="3574" data-local-id="647a48692d92">Able to read Node.js/TypeScript code to debug service issues independently</p>
</li>
</ul>
<p data-renderer-start-pos="3652" data-local-id="8e8605781b12"><strong data-renderer-mark="true">AI &amp; Tooling</strong></p>
<ul class="ak-ul" data-local-id="f8734fad7fef" data-indent-level="1">
<li>
<p data-renderer-start-pos="3668" data-local-id="c3b092610bd6">Actively uses AI coding tools (GitHub Copilot, Cursor, Claude) in daily workflow — writing scripts, Terraform modules, Helm templates, and debugging</p>
</li>
<li>
<p data-renderer-start-pos="3820" data-local-id="1d03748c4c24">Knows how to prompt effectively, verify AI output, and not blindly trust generated infrastructure code</p>
</li>
</ul>
<p><strong>Nice-to-have</strong></p>
<ul class="ak-ul" data-local-id="7ffc9dba49c6" data-indent-level="1">
<li>
<p data-renderer-start-pos="3962" data-local-id="3ab2ea41f212">Experience in the cybersecurity industry</p>
</li>
<li>
<p data-renderer-start-pos="4006" data-local-id="5d27d7fc43de">Knowledge of compliance frameworks: <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">NIST</span></span></span> <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">CSF</span></span></span>, <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">HIPAA</span></span></span>, <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">GDPR</span></span></span> — applied to real infrastructure</p>
</li>
<li>
<p data-renderer-start-pos="4100" data-local-id="35d1a4125fbf">Istio: mTLS, VirtualService/DestinationRule, traffic management</p>
</li>
<li>
<p data-renderer-start-pos="4167" data-local-id="7e17991ef034"><span data-highlighted="true" data-vc="highlighted-text">KEDA</span> advanced: custom metrics, scale-to-zero, cooldown tuning</p>
</li>
<li>
<p data-renderer-start-pos="4232" data-local-id="5f81d073b464">Kafka (<span data-highlighted="true" data-vc="highlighted-text">MSK</span>) operations: topic management, consumer lag, AKHQ</p>
</li>
<li>
<p data-renderer-start-pos="4296" data-local-id="0d7065a40ca0">Policy-as-code: <span data-highlighted="true" data-vc="highlighted-text"><span class="_kqswh2mm"><span class="_5pioz8co _189e1dm9 _1il9buyh _19lc184f _d0altlke" data-testid="definition-highlighter">OPA</span></span></span>/Gatekeeper or Kyverno</p>
</li>
<li>
<p data-renderer-start-pos="4341" data-local-id="a2cf5094e489">OWASP container and API security principles</p>
</li>
<li>
<p data-renderer-start-pos="4388" data-local-id="f503bec09ee9">Coralogix / Datadog with OpenTelemetry — custom pipelines, alert routing</p>
</li>
<li>
<p data-renderer-start-pos="4464" data-local-id="434a1f003579">Kubecost cost analysis, Kubeshark traffic capture</p>
</li>
<li>
<p data-renderer-start-pos="4517" data-local-id="359f9ea7903c">Experience with large-scale systems: 30M+ requests/day</p>
</li>
<li>
<p data-renderer-start-pos="4575" data-local-id="79a87d9dce6d">Azure exposure (secondary to AWS)</p>
</li>
<li>
<p data-renderer-start-pos="4612" data-local-id="6f72b65f1ec5">Has used AI to generate, review, or optimize infrastructure-as-code (Terraform, Helm, bash scripts) and understands its limitations: hallucinations, outdated API references, security blind spots</p>
</li>
<li>
<p data-renderer-start-pos="4810" data-local-id="d857c52a054c">Experimented with AI APIs (OpenAI, Anthropic) to build internal automation or tooling</p>
</li>
</ul>
<p>&nbsp;</p>
<p>&nbsp;</p><div class="content-conclusion"><p>OPSWAT is an equal opportunity employer. We celebrate diversity and are committed to providing an environment where equal employment opportunities are extended to all employees and applicants, free of discrimination and harassment of any type. All employment decisions are based on individual qualifications, job requirements, and business needs without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other category protected by federal, state, or local laws.</p>
<p>Recruiting Agencies: we do not accept unsolicited resumes from third party agencies for any of our open positions. To submit resumes for our jobs, there must be a recruiting contract approved by our legal team and endorsed by both parties. We are currently not accepting additional 3rd party agencies at this time.</p>
<p>&nbsp;</p></div>

Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...