Senior DevOps & Security Engineer (Azure)

What you will do

•    Foundation. Stand up and own the Azure landing zone: subscriptions, resource organisation, networking (private endpoints, VNets), and the Malaysia West region setup for in-country data residency.

•    Identity & access. Own identity and access end-to-end: Entra ID for SSO with the JCG group, role-based access control, MFA, conditional access, and break-glass procedures.

•    CI/CD & IaC. Build and run CI/CD (Azure DevOps or GitHub Actions) and infrastructure-as-code (Bicep or Terraform) so every environment — dev, test, staging, production — is reproducible and promotion is controlled.

•    Security. Implement the security posture: Microsoft Defender for Cloud, Azure Policy, Key Vault for secrets, data classification, encryption, and the immutable audit trail the platform's governance and regulatory requirements depend on.

•    Sovereignty. Ensure confidential data and AI workloads never leave the approved in-region deployment; partner with the AI engineer on secure, in-region Azure OpenAI / model hosting.

•    Observability. Stand up observability — Azure Monitor, Application Insights, centralised logging — and own incident response and platform reliability.

•    Cost. Own FinOps: cost guardrails, budgets and alerts across Azure PaaS consumption (compute, Fabric capacity, Azure OpenAI, AI Search), and keep spend predictable.

Must-have

•    Strong hands-on Azure experience operating production workloads — not just certifications.

•    Infrastructure-as-code (Bicep and/or Terraform) and CI/CD pipeline ownership.

•    Container orchestration on Azure (AKS and/or Azure Container Apps).

•    Practical cloud security: Entra ID, RBAC, Key Vault, Defender for Cloud, Azure Policy, network isolation.

•    A security-first mindset and comfort working to audit, data-residency and least-privilege requirements.

Nice-to-have

•    Azure certifications (AZ-400 DevOps, AZ-500 Security).

•    Experience in a regulated or data-sensitive domain (financial services, healthcare, government).

•    Exposure to FinOps practices and Azure cost management.

•    Familiarity with Microsoft Fabric / data-platform governance (Purview).

First 90 days, success looks like

•    A working Azure landing zone with Entra SSO, IaC, and a CI/CD pipeline the team deploys through daily.

•    Dev, test, staging and production environments stood up, with production data resident in Malaysia.

•    Baseline security controls, secrets management, audit logging and cost guardrails in place.

How we work

•    Small, senior, AI-native team — you will use AI coding and agent tooling daily, and we expect you to be opinionated about where it helps and where it doesn't.

•    Iterative delivery in short cycles; we ship working software each cycle and build each module behind an API before its interface.

•    Azure-first and Microsoft-aligned (Entra ID, Azure DevOps/GitHub, Azure PaaS), with data resident in Malaysia and a strong audit and governance posture appropriate to a regulated capital-markets context.