Base Camp Digital Hiring! Full Time Node.js Engineer in Federal Territory - Ricebowl

What's On Offer: Based in KL, Malaysia 1 Year Contract (Highly Renewable) *Candidates based in Malaysia and those who are available to start immediately will be given priority consideration.*

We are seeking a highly skilled Node.js Engineer with strong experience in security automation and DevSecOps practices. The ideal candidate will design and build automation tools, microservices, and integrations that enhance cybersecurity operations, streamline CI/CD security controls, and improve incident response efficiency. This role sits at the intersection of software engineering, cloud infrastructure, and cybersecurity, enabling secure-by-design delivery across the organization.

Key Responsibilities



1. Security Automation & Development

• Design, develop, and maintain scalable automation tools and services using Node.js to support security operations and incident response workflows.
• Build and maintain APIs, microservices, and CLI tools to automate repetitive security processes.
• Develop integrations between security platforms, cloud services, and internal systems to improve visibility and operational efficiency.
• Translate manual security tasks into automated, reusable engineering solutions.
  
  

2. DevSecOps Engineering

• Embed security controls and validation steps into CI/CD pipelines to support secure software delivery at scale.
• Implement and maintain automated security testing including:
  • Static Application Security Testing (SAST)
  • Software Composition Analysis (SCA)
  • Dynamic Application Security Testing (DAST)
  • Infrastructure as Code (IaC) scanning
• Integrate security findings into developer workflows to enable early remediation.
• Collaborate with DevOps and platform engineering teams to enforce secure configuration standards across cloud and deployment environments.
  
  

3. Cybersecurity Enablement

• Support and enhance vulnerability management processes through automation of scanning, triage, and reporting workflows.
• Work closely with security analysts to identify automation opportunities within incident response and threat detection processes.
• Develop solutions that reduce manual intervention in security operations and improve response times.
  
  

4. Collaboration & Technical Leadership

• Partner with cybersecurity, DevOps, and product engineering teams to align automation initiatives with business and security objectives.
• Participate in architecture design discussions for scalable and secure automation frameworks.
• Contribute to secure coding standards, DevSecOps best practices, and engineering guidelines.
• Provide technical guidance and mentorship where required.
  
  

Required Qualifications

• 4-8 years of experience in software engineering, DevSecOps, or security automation roles.
• Strong proficiency in Node.js for backend development and automation use cases.
• Hands-on experience with CI/CD pipelines such as:
  • GitHub Actions
  • GitLab CI
  • Jenkins
  • Azure DevOps
• Strong understanding of cybersecurity principles:
  • Authentication & authorization
  • Encryption standards
  • Secure coding practices
  • Network security fundamentals
• Experience integrating or automating security tools such as:
  • SAST/SCA scanners
  • SIEM platforms
  • SOAR tools
  • Vulnerability management systems
• Strong scripting skills in Linux-based environments (Bash, Shell, or similar).
  
  

Preferred Qualifications

• Experience with cloud platforms (AWS, Azure, GCP) and Infrastructure as Code tools such as:
  • Terraform
  • CloudFormation
  • ARM templates
• Familiarity with containerization and orchestration:
  • Docker
  • Kubernetes
• Exposure to observability tools and logging stacks:
  • ELK Stack (Elasticsearch, Logstash, Kibana)
  • Splunk
• Understanding of threat detection, incident response, and SOC workflows
• Experience working in large-scale enterprise or regulated environments is an advantage.