- Kuala Lumpur Federal Territory Malaysia
Work location
Job description
Responsibilities
Hatch Labs is Johor Capital Group's (JCG) wholly-owned, AI-native digital-solutions company. We build production software with small, senior teams using AI as a force multiplier — “problems to products in weeks, not months.”
Our first flagship build is the IDEAS Platform — the operating system for JCG's investment mandate in Johor and the Johor–Singapore Special Economic Zone. It runs continuous market discovery, anchor and partner engagement, an eight-stage investment workflow, and portfolio stewardship on one shared data spine, with an agentic AI layer assisting human judgement at every step. The platform is built cloud-native on Microsoft Azure, in the Malaysia West region, for in-country data residency.
You will be one of a small, high-trust engineering team building this from the ground up. Expect breadth, ownership, and direct line of sight from your work to real investment decisions.
• Foundation. Stand up and own the Azure landing zone: subscriptions, resource organisation, networking (private endpoints, VNets), and the Malaysia West region setup for in-country data residency.
• Identity & access. Own identity and access end-to-end: Entra ID for SSO with the JCG group, role-based access control, MFA, conditional access, and break-glass procedures.
• CI/CD & IaC. Build and run CI/CD (Azure DevOps or GitHub Actions) and infrastructure-as-code (Bicep or Terraform) so every environment — dev, test, staging, production — is reproducible and promotion is controlled.
• Security. Implement the security posture: Microsoft Defender for Cloud, Azure Policy, Key Vault for secrets, data classification, encryption, and the immutable audit trail the platform's governance and regulatory requirements depend on.
• Sovereignty. Ensure confidential data and AI workloads never leave the approved in-region deployment; partner with the AI engineer on secure, in-region Azure OpenAI / model hosting.
• Observability. Stand up observability — Azure Monitor, Application Insights, centralised logging — and own incident response and platform reliability.
• Cost. Own FinOps: cost guardrails, budgets and alerts across Azure PaaS consumption (compute, Fabric capacity, Azure OpenAI, AI Search), and keep spend predictable.
• Strong hands-on Azure experience operating production workloads.
• Infrastructure-as-code (Bicep and/or Terraform) and CI/CD pipeline ownership.
• Container orchestration on Azure (AKS and/or Azure Container Apps).
• Practical cloud security: Entra ID, RBAC, Key Vault, Defender for Cloud, Azure Policy, network isolation.
• A security-first mindset and comfort working to audit, data-residency and least-privilege requirements.
Nice to have
• Azure certifications (AZ-400 DevOps, AZ-500 Security).
• Experience in a regulated or data-sensitive domain (financial services, healthcare, government).
• Exposure to FinOps practices and Azure cost management.
• Familiarity with Microsoft Fabric / data-platform governance (Purview).