838 Application Security jobs in Singapore

What the role is

We are seeking an experienced Application Security Engineer to be part of the Platforms Architecture & Engineering (PAE) and strengthen our organisation's security posture by implementing robust security measures throughout our software development lifecycle. The ideal candidate will work closely with development teams and operation teams to ensure security is embedded in our applications from design to deployment.

What you will be working on

In this position, you will:

• Conduct security assessments, threat modelling, and code reviews to identify vulnerabilities in applications
• Design and implement security controls, authentication mechanisms, and encryption solutions
• Develop and maintain secure coding guidelines and security standards
• Collaborate with development teams to remediate security issues and provide guidance on secure coding practices
• Conduct security awareness training sessions for development teams
• Monitor and respond to security incidents related to application vulnerabilities
• Evaluate and implement security tools and technologies
• Maintain documentation of security processes and procedures

What we are looking for

• Bachelor's degree in Computer Science, Information Security, or related field
• At least 3 years of experience in application security or software development with security focus
• Strong knowledge of secure coding practices and OWASP Top 10 vulnerabilities
• Proficiency in common programming languages (e.g., .Net Core, Java, Python, JavaScript)
• Experience with security testing tools and methodologies
• Understanding of cryptography, authentication, and authorisation protocols
• Knowledge of common security frameworks and standards (ISO 27001, NIST, etc.)
• Security certifications (CISSP, CEH, OSCP, or equivalent)
• Experience with cloud security (AWS, Azure, GCP)
• Knowledge of DevSecOps practices and tools
• Familiarity with containerisation and microservices security
• Strong analytical and problem-solving abilities
• Excellent communication and collaboration skills
• Experience with security incident response

As part of the shortlisting process for this role, you may be required to complete a medical declaration and/or undergo further assessment.

This is a 2-Year Contract. All applicants will be notified on whether they are shortlisted or not within 4 weeks of the closing date of this job posting.

What the role is

The Monetary Authority of Singapore (MAS) is Singapore's central bank and integrated financial regulator.

As central bank, MAS promotes sustained, non-inflationary economic growth through the conduct of monetary policy and close macroeconomic surveillance and analysis. It manages Singapore's exchange rate, official foreign reserves, and liquidity in the banking sector.

As an integrated financial supervisor, MAS fosters a sound financial services sector through its prudential oversight of all financial institutions in Singapore – banks, insurers, capital market intermediaries, financial advisors, and stock exchanges. It is also responsible for well-functioning financial markets, sound conduct, and investor education.

MAS also works with the financial industry to promote Singapore as a dynamic international financial centre. It facilitates the development of infrastructure, adoption of technology, and upgrading of skills in the financial industry.

Join us now, if you have a genuine interest in making an impact to help shape Singapore's economic and financial landscape.

What you will be working on

We are seeking an experienced Application Security Engineer to be part of the Application Architecture and Engineering Division (AAD) and strengthen our organisation's security posture by implementing robust security measures throughout our software development lifecycle. The ideal candidate will work closely with development teams and operation teams to ensure security is embedded in our applications from design to deployment.

In this position, you will:

• Conduct security assessments, threat modelling, and code reviews to identify vulnerabilities in applications
• Design and implement security controls, authentication mechanisms, and encryption solutions
• Develop and maintain secure coding guidelines and security standards
• Collaborate with development teams to remediate security issues and provide guidance on secure coding practices
• Conduct security awareness training sessions for development teams
• Monitor and respond to security incidents related to application vulnerabilities
• Evaluate and implement security tools and technologies
• Maintain documentation of security processes and procedures

What we are looking for

• Bachelor's degree in Computer Science, Information Security, or related field
• At least 3 years of experience in application security or software development with security focus
• Strong knowledge of secure coding practices and OWASP Top 10 vulnerabilities
• Proficiency in common programming languages (e.g., .Net Core, Java, Python, JavaScript)
• Experience with security testing tools and methodologies
• Understanding of cryptography, authentication, and authorisation protocols
• Knowledge of common security frameworks and standards (ISO 27001, NIST, etc.)
• Security certifications (CISSP, CEH, OSCP, or equivalent)
• Experience with cloud security (AWS, Azure, GCP)
• Knowledge of DevSecOps practices and tools
• Familiarity with containerisation and microservices security
• Strong analytical and problem-solving abilities
• Excellent communication and collaboration skills
• Experience with security incident response

As part of the shortlisting process for this role, you may be required to complete a medical declaration and/or undergo further assessment.

This contract will end in Dec 2029. All applicants will be notified on whether they are shortlisted or not within 4 weeks of the closing date of this job posting.

Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade, ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services, authentication services, governance and assurance services as well as managed processes. In a dynamic digital and cyber landscape, where trust & collaboration are key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures.

You will be a member of the application security core center of competency under the Development & Innovation for Technology ProducTisation & Operations (DITTO) department.

You will provide application security consultancy and support to the application teams in areas such as security assessments, DevSecOps, security training and awareness to raise the application security level of competency and standards of our people and organisation.

Responsibilities

• Plan the application security roadmap to improve the way application security is practiced in the organisation.
• Develop secure application development practices, standards, guidelines, and solutions to raise the application security practices of our application teams.
• Maintain various application security processes and automated source code scanning platform in the organisation.
• Perform secure code quality reviews and conduct application penetration testing/vulnerability assessment.
• Support various types of application testing and delivery (e.g. CI/CD) within the organisation.
• Train and up-skill developers in the area of secure coding in various programming platforms such as Java, C#, PHP etc. and to write security acceptance criteria in user stories.
• Train the applications team to write security unit tests and perform secure coding assessments.
• Work with DevOps team to improve security in the CI/CD pipeline.

Requirements

• At least 3-5 years combined work experience in software development, application security and cloud computing (e.g. Azure, AWS).
• Experience in conducting manual secure source code review in at least one of the following programming platforms in both waterfall and Agile approach: Java, PHP, Javascript, C#, Android, iOS.
• Experience in threat modelling and able to establish threat profiles for application projects to identify, quantify and remediate application security risks.
• Experience working with mobile and web application programming interfaces (API) architecture (e.g. REST, SOAP, SSL/TLS).
• Demonstrate knowledge in industry security best practices such as OWASP Top 10, OWASP application security verification standard.
• Experience on using SAST code scanning tools such as Checkmarx, Sonarqube, etc.
• Familiar with Agile Development process, CI/CD, DevOps concepts, tools (Git, Gitlab, Github, Jenkins, Ansible etc) and how automated security testing can be incorporated into CI/CI pipelines.
• Collaborate extensively with various teams (application, networking, infrastructure) to maintain, establish and deliver application security services for the organisation.
• Good verbal/written communications skills and experience interacting with various stakeholders.
• Strong interest and passion for the field of application security.
• Strong problem-solving and troubleshooting skills.
• Self-reliant with an analytical and creative mind.
• Experience working with industry APIs such as Apigee or equivalent.
• Certification in CISSP (Certified Information Systems Security Professional)
• DevOps related certifications e.g. Azure DevOps Engineer Expert or AWS DevOps Engineer
• Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OWSE)
• Experience in working with Government Commercial Cloud (GCC)

Join us and discover a meaningful and exciting career with Assurity Trusted Solutions

The remuneration package will commensurate with your qualifications and experience. Interested applicants, please click "Apply Now".

We thank you for your interest and please note that only shortlisted candidates will be notified.

By submitting your application, you agree that your personal data may be collected, used and disclosed by Assurity Trusted Solutions Pte. Ltd. (ATS), GovTech and their service providers and agents in accordance with ATS's privacy statement which can be found at: or such other successor site.

Benefits

• A wholly-owned subsidiary of GovTech.
• We promote a learning culture and encourage you to grow and learn.

Global high growth business, expanding capability in ASIA. Work with some of the best engineers, permanent full time, hybrid. Competitive salary + bonus, hybrid office setting.
About the Role
Embed security into the SDLC through code reviews, design reviews, and threat modelling.
Operate and optimise application security tooling (SAST, DAST, IAST, SCA) across CI/CD pipelines.
Collaborate with engineering teams to drive shift-left security and security champion initiatives.
Provide expert guidance on secure coding, cloud security, and vulnerability management.
Contribute to security standards, playbooks, and compliance frameworks.
About You
Strong experience with application security tools (e.g. Veracode, Snyk, Checkmarx, Burp Suite).
Familiar with cloud-native environments (AWS, containers, Kubernetes) and infrastructure-as-code.
Comfortable interpreting logs and identifying risks using platforms like Splunk or Datadog.
Knowledge of security frameworks (OWASP Top 10, ASVS, MITRE ATT&CK) and regulatory standards.
Apply now!
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Engineering, Information Technology, and Other
Industries: Software Development, Technology, Information and Internet, and Technology, Information and Media
#J-18808-Ljbffr

At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let's shape the future of wealth management together.

Julius Baer Group Ltd. acts in the sector Private Banking and is present in over 25 countries and around 60 locations. With the Headquartered in Zurich, we have offices in key locations including Bangkok, Dubai, Dublin, Frankfurt, Geneva, Hong Kong, London, Luxembourg, Madrid, Mexico City, Milan, Monaco, Mumbai, Santiago de Chile, São Paulo, Shanghai, Singapore, Tel Aviv and Tokyo. Join our global team and play a critical role in safeguarding our digital landscape as a Senior Web Application Security Engineer with focus on Client Identity and Access Management as well as Web Application Firewall. We're seeking a skilled expert to maintain and enhance the protection of our online platforms, ensuring the highest level of security for our clients worldwide.

Main Job Responsibilities

• Work closely with our global team of engineers to ensure the smooth operation and maintenance of the Client Identity and Access Management Platfrom (CIAM) as well as the Web Application Firewall (WAF) infrastructure
• Develop and enhance authentication flows by utilizing modern authentication protocols to deliver a seamless desktop and mobile login experience for bank clients
• Develop and maintain high-quality and secure codebases for multiple Single-Page Applications (SPAs), focusing on delivering seamless and efficient login experiences for clients
• Collaborate with various stakeholders globally to onboard new client-facing web applications to the global CIAM platform
• Review new or changed requirements and assess their feasibility as well as their impact on the surrounding systems, standards and guidelines
• Troubleshoot issues as part of the 2nd and 3rd level support organization and take part in the on-call duty rotation
• Enhance the automation and scalability of the WAF and CIAM infrastructure
• Continuously improve the overall service reliability, security, performance and monitoring of the WAF / CIAM infrastructure
• Continuously improve the service reliability, security, performance, monitoring, and automation of the WAF / CIAM infrastructure, with a focus on enhancing overall system availability and efficiency

Client Management (internal & external)

• Various IT functions, both regionally and globally
• Local Legal and Compliance functions

Business Management

• Key local stakeholders include IT Service Owners, IT Infrastructure, IT Application Managers, IT Architecture and Project Managers
• CRO functions – including Business Operational Risk, Information Security and Compliance functions
• Global functions – IT Security Solutions, Security Architecture
• Establish strong relationship with key stakeholders and across the internal IT

Regulatory Responsibilities &/OR Risk Management

• Ensure appropriate ethical and compliant behaviour within the area of responsibility by clear demonstration of appropriate values and behaviours including but not limited to standards on honesty and integrity, due care and diligence, fair dealing (treating customers fairly), management of conflicts of interest, competence and continuous development, adequate risk management, and compliance with applicable laws and regulations

RANK APPLICABLE TO THE POSITION

• Rank: AD

Professional and Technical

• Minimum 4 years of experience in designing, implementing, and managing Web Application Firewall (WAF) and reverse proxy solutions, including products such as F5, Imperva, Nevis, Cloudflare, or open-source alternatives like ModSecurity
• Proven experience in designing and implementing authentication and federation mechanisms, including SAML, OAuth, OIDC, and FIDO, with a strong understanding of identity and access management principles
• Hands-on operational experience with highly available and scalable web infrastructure
• Profound understanding of security best practices of web applications and APIs
• Solid understanding of web communication protocols such as HTTP, TLS, Websocket, etc.
• Experience in software engineering (Java, Spring Boot, React, Typescript) and operational experience with Kubernetes-based environments
• Strong troubleshooting and structured problem-solving skills
• Proficient in log analytics and correlation, with hands-on experience in Splunk, Elastic or similar toolings, to detect anomalies and investigate incidents and identify root causes
• Good technical foundation of Linux operating systems and its command line tools
• Relevant academic background (e.g., Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field) or industry-recognized certifications (e.g. CISSP, CEH) with relevant practical knowledge

Personal and Social

• Team player, strong collaborator with the willingness to take ownership
• Excellent English language skills, with ability to communicate clearly to diverse audiences, including technical teams and business stakeholders
• Methodical and results-driven approach to new challenges and tasks
• Ability to thrive in a globally distributed team environment
• Strong desire to learn and develop new skills
• Independent and self-driven

Regulatory

• Good understanding of the technology regulatory framework in Singapore and Hong Kong

We are looking forward to receiving your full job application through our online application tool.

Please note that the application process will be managed on our partner website, Workday, which will require you to log in or create an account.
Acronis is revolutionizing cyber protection—providing natively integrated, all-in-one solutions that monitor, control, and protect the data that businesses and lives depend on. We are looking for a Senior Application Security Engineer to join our mission to create a #CyberFit future and protect all data, applications and systems across any environment.
People entrust Acronis with their data. We are responsible for keeping it safe and this constitutes the essence of the application security researcher job. The application security team works to make Acronis applications more secure against all kinds of threats. You will work with good guys on their responsible disclosure. You will find security bugs before bad guys do it. Together with the development team, you'll change development processes and practices to ensure that such kinds of bugs will never appear in our code again. You will monitor the attacks and respond to them. You will create novel solutions to detect and advanced approaches to protect applications.
WHAT YOU'LL DO
Threat modeling: Think about how attackers can compromise a system and what protections are needed against them
Secure Software Development Lifecycle: Help developers write secure code that minimizes vulnerabilities by implementing secure coding standards, techniques, and best practices
Security code reviews: Identify security vulnerabilities in source code before an application is deployed to production
Vulnerability testing and analysis: Discover weaknesses once an application is deployed and advise development teams on remediation
Conduct security assessments for software components developed in the company.
Validate external security reports and bug bounty submissions.
Take part in the SLDC process development and implementation.
Conduct post-mortem reviews of application security bugs.
Consult engineers on application security matters, train them on secure development practices.
WHAT YOU BRING
Understanding of security models of Web/REST API, cloud, mobile and desktop apps.
Hands on experience with security assessment tools and attack techniques. You should be able to go well beyond inserting a quote in URLs.
Code assessments in programming languages Go, Python, Ruby, C/C++, JavaScript. Basic programming skills with Go, Python or another language will come handy.
Strong communication skills.
2+ years in Application Security
Strong knowledge of the modern web, mobile, and network security
Published security research, open source tools, blog posts, proven history of bug bounty programs participation considered a strong advantage.
Please be ready to answer in an interview the following questions:
What is the Same Origin Policy? Share your knowledge about Cross-site scripting contexts
Describe any attack like SQL injection, XXE, SSRF, or any other. Suggest right fixes and possible bypasses
(Windows Security) Your opinion about LPE from Admin to the System user
How to count possible compromised accounts?
Be ready to write a simple exploit or a few lines of code that allows checking some kind of attacking vector
Please submit your resume and application in English
WHO WE ARE
Acronis is a global cyber protection company that provides natively integrated cybersecurity, data protection, and endpoint management for managed service providers (MSPs), small and medium businesses (SMBs), enterprise IT departments and home users. Our all-in-one solutions are highly efficient and designed to identify, prevent, detect, respond, remediate, and recover from modern cyberthreats with minimal downtime, ensuring data integrity and business continuity. We offer the most comprehensive security solution on the market for MSPs with our unique ability to meet the needs of diverse and distributed IT environments.
A Swiss company founded in Singapore in 2003, Acronis offers over twenty years of innovation with 15 offices worldwide and more than 1800 employees in 50+ countries. Acronis Cyber Protect is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.
Our corporate culture is focused on making a positive impact on the lives of each employee and the communities we serve. Mutual trust, respect and belief that we can contribute to the world everyday are the cornerstones of our team.Each member of our “A-Team” plays an instrumental role in driving the success of our innovative and expanding business. We seek individuals who excel in dynamic, global environments and have a never give up attitude, contributing to our collective growth and impact.
Our Interview Practices
To maintain a fair and genuine hiring process, we kindly ask that all candidates participate in interviews without the assistance of AI tools or external prompts. Our interview process is designed to assess your individual skills, experiences, and communication style. We value authenticity and want to ensure we’re getting to know you—not a digital assistant. To help maintain this integrity, we ask to remove virtual backgrounds and include in-person interviews in our hiring process.
Use of AI-generated responses or third-party support during live interviews may be grounds for disqualification from the recruitment process and a full criminal, education and identification background check is required for all new hires.
Acronis is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, marital status, national origin, physical or mental disability, medical condition, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, gender identity or expression, or any other characteristic protected by applicable laws, regulations and ordinances.
Please note that the application process will be managed on our partner website, Workday, which will require you to log in or create an account.
#J-18808-Ljbffr

At InnoEdge, we work with organisations to protect them from cyber threats. We help detect new unknown cyber threats through research, fortify networks, and defend critical information infrastructures. Based in Singapore, our team consists of cybersecurity experts who use the advanced techniques and technologies to deliver cutting-edge solutions and services.

InnoEdge believes in fostering a culture where team members are encouraged to overcome challenges, explore new ideas, and work together to succeed. We value individuals who are determined to push beyond the boundaries, and have a thirst for knowledge, continuous learning, and self-improvement.

Collaboration is key to our success. We prioritise open communication, constructive feedback, and a willingness to help others. We are committed to creating a supportive work environment that encourages excellence, innovation, and continuous improvement. We're looking for individuals who share our values and are excited to join us on our cyber mission.

Requirements

• Technical Leadership:
• • Recommend research directions, conceptualize new security tools, and mentor junior researchers.
• Conduct internal training workshops on analysis techniques, vulnerabilities discovery, and mechanism.
• Research and Analysis:
• • Conduct in-depth research on applications, reverse engineer closed-source code, and identify exploitable weaknesses.
• Continuously learn about the latest application security and reverse engineering techniques.
• Development:
• • Assess and verify security through design and execute tests against industry standards CIA triad: Confidentiality, Integrity, and Availability, plus Authorization and Non-repudiation).
• Develop proof of concept (e.g. code, scripts) to demonstrate the severity of discovered vulnerabilities and propose mitigations.
• Develop cutting-edge tools to streamline the analysis process and improve efficiency.
• Documentation and Reporting:
• • Document findings, methodologies, and recommendations for both technical staff and executive leadership.
• Effectively communicate findings and strategy to stakeholders.
• Contribution:
• • Contribute to the Singapore cybersecurity community through publishing whitepapers, blog posts, or presenting findings at relevant conferences.

• Fluent in OOP such as C++, Windows or Linux APIs/syscalls and knowledge of common file formats, network protocols and encryption.
• Demonstrated ability to:
• Reverse engineer C/C++ compiled binaries and recognize common algorithms and patterns in decompiled code.
• Perform type recovery on intermediate data structures and uncover logic and indirect calls within a module.
• Bypass common anti-RE and anti-debugging techniques and uncover original code obfuscated by a public obfuscator.
• For a more senior role, we're looking for candidates who has the demonstrated ability to:
• • Reverse engineer sophisticated software and other programs compiled in newer languages such as Golang, Rust, newer Pythons and non-C binaries.
• Recover complex code logic and indirect calls across multiple modules or files.
• Recover undocumented file format or encoded binaries through deep analysis of the program.
• Develop custom tools to recover the logic or emulate parts of the program.
• Uncover logic of heavily obfuscated or custom packed code.

Benefits

• Training & Development
• Performance Bonus
• Medical Benefits
• Hybrid Work Arrangements

If you meet these qualifications and are passionate about cyber security, we encourage you to apply for this exciting opportunity. We offer competitive compensation, a comprehensive benefits package, and a collaborative and dynamic work environment.

This role is responsible for ensuring that our applications are in compliance with information security standards and Enterprise Governance standards. The Application Governance Manager will work closely with various teams to deliver projects and initiatives, including business enablement, regulatory, risk, and efficiency.

• Understanding the application setup and performing an integrity gap analysis.
• Partnering with different lines of business, development teams, information security, and infrastructure operations teams to deliver projects.
• Engaging external parties like vendors, compliance, regulatory bodies, and exchanges.
• Managing the application governance activities involving assessing application information security risks, audits, non-permitted technologies.
• Working with onshore and offshore regional teams to ensure required deliverables are completed on time.
• Ensuring first-line risk management and controls are in place to support the applications and build risk awareness within the team.
• Engaging multiple stakeholders across the organization to gather and understand functional requirements, security risks for the applications, and provide cohesive solutions.
• Coordinating with the regional stream of the global vulnerability and compliance management project.
• Assisting in the establishment of the project's governance in the region for all departments under IT Operations perimeter (improvement, new processes, or procedures).

• Understanding of wide range of technologies including network, security, application architecture, database, and operating systems.
• Deep understanding of vulnerability assessment and remediation methodologies.
• Strong technical background and familiar with Software Development Life Cycle (SDLC).
• Ability to multi-task and work independently under tight timelines and challenging environments with minimal supervision.
• Good communication skills with team, management, and business stakeholders.
• Program and project management expertise, capacity to lead hybrid project methodologies.
• Good understanding of Local Rules and Regulations in Asian markets.
• Team player.

At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let's shape the future of wealth management together.

Julius Baer Group Ltd. acts in the sector Private Banking and is present in over 25 countries and around 60 locations. With the Headquartered in Zurich, we have offices in key locations including Bangkok, Dubai, Dublin, Frankfurt, Geneva, Hong Kong, London, Luxembourg, Madrid, Mexico City, Milan, Monaco, Mumbai, Santiago de Chile, São Paulo, Shanghai, Singapore, Tel Aviv and Tokyo. Join our global team and play a critical role in safeguarding our digital landscape as a Web Application Security Engineer. We're seeking a skilled expert to maintain and enhance the protection of our online platforms, ensuring the highest level of security for our clients worldwide.

Main Job Responsibilities

• Work closely with our global team of engineers to ensure the smooth operation and maintenance of the Web Application Firewall (WAF) infrastructure
• Enhance the security of web applications and APIs by implementing advanced protective measures on the WAF and configuring custom application-specific security policies
• Onboard new web applications and APIs onto the WAF infrastructure, ensuring seamless integration and optimal security
• Evaluate new or changed business requirements and assess their feasibility, as well as their impact on surrounding systems, standards, and guidelines
• Troubleshoot technical issues related to WAF, identifying root causes and developing effective solutions
• Participate in the 2nd and 3rd level support organization, providing on-duty support and collaborating with other teams to resolve incidents
• Continuously improve the service reliability, security, performance, monitoring, and automation of the WAF infrastructure, with a focus on enhancing overall system availability and efficiency

Client Management (internal & external)

• Various IT functions, both regionally and globally
• Local Legal and Compliance functions

Business Management

• Key local stakeholders include IT Service Owners, IT Infrastructure, IT Application Managers, IT Architecture and Project Managers
• CRO functions – including Business Operational Risk, Information Security and Compliance functions
• Global functions – IT Security Solutions, Security Architecture
• Establish strong relationship with key stakeholders and across the internal IT

Regulatory Responsibilities &/OR Risk Management

Ensure appropriate ethical and compliant behaviour within the area of responsibility by clear demonstration of appropriate values and behaviours including but not limited to standards on honesty and integrity, due care and diligence, fair dealing (treating customers fairly), management of conflicts of interest, competence and continuous development, adequate risk management, and compliance with applicable laws and regulations

RANK APPLICABLE TO THE POSITION

• Rank: AD

Professional and Technical

• Profound understanding of security best practices of web applications and APIs
• Solid understanding of web communication protocols such as HTTP, TLS, Websocket, etc
• Hands-on operational experience with highly available and scalable web infrastructure
• Hands-on experience with operating WAF or reverse-proxy solutions such as F5, Imperva, Nevis, Cloudflare, or open-source alternatives like ModSecurity
• Experience in software engineering (Java, Spring Boot, React, Typescript) and operational experience with Kubernetes-based environments
• Strong troubleshooting and structured problem-solving skills
• Skilled in log analytics and correlation, with hands-on experience in Splunk, Elastic or similar toolings, to investigate incidents and identify root causes
• Familiarity with the implementation of authentication and federation mechanisms such as SAML, OAuth and OIDC and FIDO
• Good technical foundation of Linux operating systems and its command line tools
• Relevant academic background (e.g., Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field) or industry-recognized certifications (e.g. CISSP) with relevant practical knowledge is desired

Personal and Social

• Team player, strong collaborator with the willingness to take ownership
• Excellent communication skills in spoken and written form
• Strong desire to learn and develop new skills
• Methodical and results-driven approach to new challenges and tasks
• Independent and self-driven
• Ability to thrive in a globally distributed team environment

Regulatory

• Good understanding of the technology regulatory framework in Singapore and Hong Kong

We are looking forward to receiving your full job application through our online application tool.