Cloud Applications Security Engineer

  • Singapore
  • Contract
  • Tue Aug 5 07:44:33 2025
  • 38177

Cloud Application Security Engineer

About the role

As a Senior Security Engineer, you will lead the security effort on client projects — guiding teams on secure architecture, code, and infrastructure. You will work hands-on with developers and DevOps engineers to integrate security into the delivery process, and also support enterprise security needs when clients require compliance with frameworks like ISO 27001 or CIS controls.
This role is for someone who can switch between technical depth and broader security governance, i.e. someone who knows how to secure real-world systems and can confidently speak to risk, compliance, and best practices with both internal teams and client stakeholders.

What's on offer

  • Contract role, with a view to extension
  • Location: Singapore, Onsite
  • Industry: Software Company

Responsibilities

  • Act as the security lead on key software delivery projects
  • Review application and infrastructure designs with a security lens
  • Guide teams in applying secure development practices (OWASP Top 10, SAST, DAST, SCA, secrets management, etc.)
  • Collaborate with DevOps/DevSecOps engineers to secure CI/CD pipelines and Infrastructure as Code
  • Recommend and implement cloud security best practices (AWS, Azure, GCP)
  • Support client discussions around enterprise security and compliance needs (e.g., ISO 27001, CIS benchmarks, shared responsibility models)
  • Translate security requirements into clear, actionable guidance for delivery teams
  • Document risk assessments, mitigation strategies, and architecture decisions
  • Contribute to internal knowledge sharing, playbooks, and upskilling the team

Experience required

  • You have 5–10 years of experience in security engineering, DevSecOps, or secure cloud architecture
  • You’re hands-on with modern application stacks and cloud-native infrastructure
  • You’re experienced with tools like SonarQube, Checkmarx, Snyk, GitHub Advanced Security, etc.
  • You know your way around cloud security services (e.g., IAM, GuardDuty, Config, WAF, etc.) on AWS, Azure, or GCP
  • You’re confident engaging with clients on both technical implementation and enterprise security expectations
  • You’re familiar with security frameworks like ISO 27001, CIS controls, and data protection principles
  • You’re comfortable with documentation and policy reviews when needed (without being "just governance")
  • You have strong communication skills and can tailor your message to devs, ops, or business folks
  • CISSP or similar certifications are a plus
  • Strong foundation in information security principles (CIA triad, threat modeling, access control, etc.)
  • Ability to conduct or support:
    • Information security risk assessments
    • Risk treatment planning
    • Risk register maintenance
  • Ability to align ISO 27001 with legal/regulatory requirements (PDPA)
  • Perform internal ISMS audits
  • Strong writing skills for:
    • Information Security Policies
    • Risk Treatment Plans
    • Audit reports