DevSecOps Engineer | 開發及維運工程師

Company Status

Bowtie's mission is to create a digital insurance platform that brings greater good to consumers. As we grow towards that mission, we're looking for highly dynamic, hands-on and passionate talent to our team.

We Offer

  • Competitive salary
  • Fun, co-operative and flexible startup culture
  • Weekly sharing sessions and regular happy-hour gatherings
  • Flexible working hours
  • 5-day work week and Annual Leave
  • Benefits include medical/ dental coverage and wellness program
  • Professional Development Sponsorship
  • Hong Kong working visa sponsorship (onsite position)

How to Apply

A description of your work history (whether as a resume, GitHub profile, LinkedIn profile, or prose)


  • You will be working closely with a handful of product and operation teams, helping them ship default secure, default private features and products.
  • As appropriate, you will be doing Architecture reviews and Threat Modeling of critical engineering work
  • You will help us scale the capacity and capability of the security team through automation, documentation, and safe default templating. One of our mottos is 'Never the same bug twice'. This is, undoubtedly, the most important way for us to scale default safely.
  • As developers interact with critical code paths, you will be asked to provide code reviews and feedback on the proposed changes.
  • You will review, pentest, and analyze existing code bases to uncover vulnerabilities, and help teams fix the bugs you find.


  • Programming experience or ability in one of our core languages. At current inventory, we use JavaScript and Python mainly. You don't need to be a whiz, but we expect you to be able to write enough to push out fixes and simple features.
  • Strong understanding of AWS services and architectures
  • Fluency in a risk and threat modeling methodology. You don't need to be able to rattle off everything in the CWE as you iterate through STRIDE, but structure and fluidity in your analyses will really help you communicate efficiently across teams.
  • Mobile or Web Application Security experience. Be it source code audit, penetration testing, bug bounty triage, or code reviews, you'll be expected to examine code with security critical eyes.
  • Strong written and verbal communication skills, specifically on security topics. The work our team does is consumed by a startling number of audiences, so being able to effectively communicate across those people will be invaluable in stopping confusion and saving roundtrips.