Product Security Engineer

  • Sector: IT
  • Contact: Cindy Nguyen
  • Contact Email: cindy.nguyen@lmarecruitment.asia
  • Client: LMA
  • Location: Singapore
  • Salary: Up to S$10000 per month
  • Expiry Date: 17 May 2022
  • Job Ref: BBBH370123_1645005045

Responsibilities:

  • Drive tailored SDL practice into specific engineering.
  • Consult architect on security requirements and utilize best practices to meet them.
  • Engage in application, platform and domain-specific threat modeling and attack surface analysis/reduction.
  • Engineer Security solutions for cloud and embedded products, and the planning and implementation of risk mitigating security solutions.
  • Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development.
  • Implement security control across the technology stack to meet security and compliance requirements for IaaS, Paas, and SaaS.
  • Help prepare reports at appropriate levels of confidentiality for stakeholders to view.
  • Responding promptly and in detail to customer-sponsored penetration tests.
  • Promotes best practices, design patterns, standards through workshops, knowledge sharing, and code walk-throughs.
  • Build automation around testing tools and techniques.
  • Tailor communication to a variety of audiences and perspectives and anticipates issues to prevent conflict.
  • Work with the Product teams and Cloud Infrastructure and Platform teams to lead initiatives and develop and build security utilities and tools.
  • Translate Standards and Regulatory based controls to Engineers do they understand what needs to be done.
  • Build and maintain a robust infrastructure/platform/product security roadmap to meet customer demands and regulatory mandates.



Required Qualifications:

  • Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math) and/or 4 years of equivalent experience.
  • 3+ years of experience in application/product security in a cloud environment.
  • Strong knowledge of CI/CD and automation tools (Chef, Git, Jenkins) and Infrastructure/Security as Code.
  • Strong knowledge of Identity management and identity federation (SAML, Oauth).
  • Strong knowledge of virtual infrastructure and containerization technologies.
  • Experience designing and implementing security controls in cloud platforms such as AWS, Azure and alike.
  • Must be available for on call for potential security response.
  • Experience with the application of risk identification and evaluation techniques.
  • Experience with broad set of information security technologies and processes within an IaaS, PaaS, and SaaS.



Preferred Qualifications:

  • A Master's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math).
  • Contribute to and lead discussions and communications within the team and outside, including customers and other business units.
  • Partner with product owners in requirement gathering and vetting.
  • Foster a collaborative and cooperative team environment, encouraging input and participation from all members.
  • Significant experience in cryptography, network security or systems security.
  • Distributed computing, clusters, virtualization, high availability, load balancing.
  • Experience in embedded (Edge compute) security, IoT Security and Operational Technology (OT) security.
  • Experience in large enterprise and cloud environments.
  • Skilled at explaining complex technical issues in terms understandable by the business.
  • Excellent written and verbal communication skills, especially experience with executive-level communications.
  • Experience with web-based applications and/or web services-based applications, especially at massive scale.


Travel: Occasional travel is required (COVID pending)

Company Reg. No.: 201131609D | Licence No.: 11C4684 | EA Reg No.: R 1440978