DevSecOps Engineer

We operate a highly available, auto-scaling environment built on Apache load balancers, Docker containers, and GCP services (Cloud Armor, Cloud NAT, Filestore, Cloud SQL , File sharing). With Jenkins-driven CI/CD, security is woven into every layer. You will partner with our CTO and IT Manager to:

• Harden the platform end-to-end.
• Run 24 × 7 monitoring and always available for any incident response and support.
• Own backup, disaster-preparedness, and recovery (DPR).
• Keep attackers out while the business scales.

Key responsibilities

• Build and maintain secure CI/CD pipelines in Jenkins + Bitbucket.
• Write Bash / shell scripts to automate provisioning and deployments on Ubuntu / Debian.
• Harden Dockerfiles, Docker Compose manifests, and base OS images.
• Design scalable, secure server and network architectures for companies projects.
• Configure, tune, and monitor ModSecurity (OWASP CRS), Fail2Ban, Firewall and Google Cloud Armor.
• Design and automate backup & DPR strategies:
  • Automated MySQL dumps, encrypted bucket snapshots, GCP → AWS cross-cloud replication.
  • Schedule and run regular restore drills; document and meet RTO/RPO targets.
• Deploy centralized logging and metrics visualizations with actionable alerts. (ElasticxKibana)
• Lead incident handling, root-cause analysis, and continuous security improvements.
• Champion secure-coding practices (OWASP,WAF rules) across development teams.
• Produce clear technical documentation, performance reports, and daily monitoring summaries.
• Monitoring server and cloud architect usage and spending with best solutions provided.

Requirements

• 3+ years in DevOps, Site Reliability, or Cloud Security roles.
• Expert knowledge of Docker and at least one orchestration layer (Compose, Swarm, or Kubernetes).
• Strong Linux administration skills (Debian/Ubuntu) and fluent Bash scripting.
• Hands-on experience with ModSecurity, Fail2Ban, Apache Evasive and Cloud Armor rule tuning.
• Proven track record designing and testing backup/DPR pipelines (snapshots, cross-region replication, automated restores).
• CI/CD expertise with Jenkins; solid Git workflow skills (Bitbucket or similar).
• Solid understanding of common attack vectors (SQLi, XSS, SSRF, DDoS) and their mitigations.
• Comfortable working in GCP (AWS experience is a plus).
• English—clear written documentation and chat message response
  Able to communicate.
• Working condition: Office based, Pattaya

Tech stack you’ll touch

• OS – Ubuntu / Debian
• Containers – Docker, Docker Compose
• CI/CD – Jenkins, Bitbucket Pipelines
• Web – Apache (proxy, mod_evasive, ModSecurity, etc.)
• Databases – MySQL / MariaDB (command-line administration, backup/restore)
• Scripting – Bash / shell; familiarity with Python or Node.js helpful
• Cloud – GCP (Cloud Armor, Cloud NAT, Filestore, Cloud SQL), cPanel (legacy sites), Samba File Sharing and Webmin
• Version Control – Git (branching, tagging, recovery)
•  Monitoring Stacks – (Elastic, Kibana, Logstash , Beats)

Nice to have

• Experience with Infrastructure-as-Code tools.
• Familiarity with runtime security tools (Tenable Nessus) and simulation DDOs attacking tools.
• Knowledge of compliance frameworks Cyber Essentials (UK).
• Experience supporting setup and deploy web applications such as Node.js, PHP, or Python web applications.