jobs in JLand Group - JLG

全职 Senior DevOps - Security Engineer (Azure) 工作, 薪水, JLand Group - JLG Federal Territory 公司招聘中 - Ricebowl

Senior DevOps - Security Engineer (Azure)

JLand Group - JLG

Undisclosed

KL City, Federal Territory

分享
保存

工作地点

  • Kuala Lumpur Federal Territory Malaysia

职位描述

岗位职责

About Hatch Labs & the IDEAS Platform

Hatch Labs is Johor Capital Group's (JCG) wholly-owned, AI-native digital-solutions company. We build production software with small, senior teams using AI as a force multiplier — “problems to products in weeks, not months.”


Our first flagship build is the IDEAS Platform — the operating system for JCG's investment mandate in Johor and the Johor–Singapore Special Economic Zone. It runs continuous market discovery, anchor and partner engagement, an eight-stage investment workflow, and portfolio stewardship on one shared data spine, with an agentic AI layer assisting human judgement at every step. The platform is built cloud-native on Microsoft Azure, in the Malaysia West region, for in-country data residency.

You will be one of a small, high-trust engineering team building this from the ground up. Expect breadth, ownership, and direct line of sight from your work to real investment decisions.


What you will do

•    Foundation. Stand up and own the Azure landing zone: subscriptions, resource organisation, networking (private endpoints, VNets), and the Malaysia West region setup for in-country data residency.

•    Identity & access. Own identity and access end-to-end: Entra ID for SSO with the JCG group, role-based access control, MFA, conditional access, and break-glass procedures.

•    CI/CD & IaC. Build and run CI/CD (Azure DevOps or GitHub Actions) and infrastructure-as-code (Bicep or Terraform) so every environment — dev, test, staging, production — is reproducible and promotion is controlled.

•    Security. Implement the security posture: Microsoft Defender for Cloud, Azure Policy, Key Vault for secrets, data classification, encryption, and the immutable audit trail the platform's governance and regulatory requirements depend on.

•    Sovereignty. Ensure confidential data and AI workloads never leave the approved in-region deployment; partner with the AI engineer on secure, in-region Azure OpenAI / model hosting.

•    Observability. Stand up observability — Azure Monitor, Application Insights, centralised logging — and own incident response and platform reliability.

•    Cost. Own FinOps: cost guardrails, budgets and alerts across Azure PaaS consumption (compute, Fabric capacity, Azure OpenAI, AI Search), and keep spend predictable.



Requirements


•    Strong hands-on Azure experience operating production workloads

•    Infrastructure-as-code (Bicep and/or Terraform) and CI/CD pipeline ownership.

•    Container orchestration on Azure (AKS and/or Azure Container Apps).

•    Practical cloud security: Entra ID, RBAC, Key Vault, Defender for Cloud, Azure Policy, network isolation.

•    A security-first mindset and comfort working to audit, data-residency and least-privilege requirements.


Nice to have

•    Azure certifications (AZ-400 DevOps, AZ-500 Security).

•    Experience in a regulated or data-sensitive domain (financial services, healthcare, government).

•    Exposure to FinOps practices and Azure cost management.

•    Familiarity with Microsoft Fabric / data-platform governance (Purview).

重要安全守则

申请工作时,切勿提供您的银行或信用卡详细资料。不要转账或完成无关的在线调查问卷。如果您发现可疑内容,请举报此招聘广告。

了解更多