Key responsibilities include:
Act as a core support member of the Agile Transformation and Engineering Excellence team to drive organisation-wide technical delivery initiatives.
Support the implementation and continuous refinement of the organisation-wide Agile Framework, standards, and controls, particularly for Security project delivery and DevSecOps pipeline maturity.
Assist in the design and optimisation of tools and technology for implementing Agile and DevSecOps practices, including workflow management (e.g., Jira/Azure DevOps), automated vulnerability tracking boards, release gates, and infrastructure-as-code deployment metrics.
Support the adoption of shift-left security practices, including establishing SecOps workflows, integrating SAST/DAST automation into sprint cycles, and driving organisation-wide metadata tagging for security compliance to enhance system auditability and risk readiness.
Facilitate technical refinement and alignment for application optimization initiatives, driving teams to balance technical debt, cloud cost efficiency, code performance, and architectural scalability within sprint planning.
Monitor delivery performance, DevSecOps metrics (e.g., deployment frequency, lead time for changes, mean time to recover, defect density), and team maturity levels, recommending continuous improvements for engineering efficiency.
Qualifications:
We expect the ideal candidate to have 4–8 years of experience in Agile delivery and Scrum mastery with a strong technical background, preferably within Technology, Banking, or Financial Services where compliance and security are important.
Solid experience in Agile frameworks and secure delivery disciplines, including Scrum, Kanban, scaled Agile (SAFe), backlog refinement, release management, and DevSecOps engineering quality standards.
Hands-on experience with Agile management and CI/CD tools (e.g., Jira, Confluence, Jenkins, GitLab CI, Azure DevOps, SonarQube), and the ability to leverage them to operationalise Secure Delivery Frameworks.
Understanding of agile foundations required for DevSecOps maturity and application optimization, such as automated testing frameworks, containerization (Docker/Kubernetes), microservices architecture, and cloud monitoring tools (e.g., Datadog, Prometheus).
Experience or exposure to driving security compliance within product lifecycles (e.g., OWASP Top 10 mitigation, vulnerability lifecycle management) is a plus.
Strong stakeholder management and communication skills, with the ability to bridge the gap between business requirements, development teams, and InfoSec departments to drive mindset shifts and governance adoption.
Solid grounding in technology concepts, with good understanding of the financial industry's security regulations. Prior experience in Banking or FinTech environments is preferred.
Analytical mindset with structured problem-solving capabilities to unblock complex technical dependencies
Hands-on technical capability is plus, including:
Proficiency in Jira Query Language (JQL) or DevOps analytics for security defect tracking, sprint velocity profiling, and bottleneck analysis.
Working knowledge of Python or Bash for workflow automation, reporting dashboards, API-driven security metric collection, and automated backlog parsing.
Experience in developing automation scripts or workflow rules (e.g., Jira Automation, CI/CD hooks) to enforce compliance controls, auto-tag security issues, or streamline release approvals.
Familiarity with API integration and RESTful API calls for system connectivity, such as linking security scanning tools with Jira or messaging platforms (Slack/Teams).
Working location in Hong Kong
Native/Fluent in Cantonese, English, Mandarin
Experience in working in an international team, experience in financial services is a plus
Full-time