Resumen del rol

Lead Security Engineer

Requisitos y responsabilidades

Contenido del rol extraído en secciones para revisar más rápido.

Details

  • Circles.Life: A wholly-owned digital lifestyle telco brand based in Singapore, Circles.Life is powered by Circles’ SaaS platform and pioneering go-to-market strategies. It is the digital market leader in Singapore and has won numerous awards for marketing, customer service, and innovative product offerings beyond connectivity.
  • Circles Aspire: A global provider of Communications Platform-as-a-Service (CPaaS) solutions. Its cloud-based Experience Cloud platform enables enterprises, service providers and developers to deliver and scale mobile, messaging, IoT, and connectivity services worldwide.
  • Jetpac: Specializing in travel tech solutions, Jetpac provides seamless eSIM roaming for over 200 destinations and innovative travel lifestyle products, redefining connectivity for digital travelers. Jetpac was awarded Travel eSIM of the Year.

Secure Architecture & Threat Modeling

  • Lead threat modeling (STRIDE, PASTA, or equivalent) for new applications, features, and major platform changes
  • Conduct security architecture reviews for applications, APIs, cloud infrastructure, and third-party services before go-live
  • Define secure design patterns and reference architectures; provide hands-on security guidance at every stage of the SDLC, not just at release gates

Application & API Security

  • Own the Application Security program end-to-end: SAST, DAST, SCA, and API security testing — tool selection, policy tuning, and triage workflows
  • Integrate security testing natively into CI/CD pipelines and DevSecOps workflows so findings surface before merge, not after deploy
  • Assess REST and GraphQL APIs against the OWASP API Security Top 10 (broken object/function-level authorization, excessive data exposure, rate limiting, business logic abuse)
  • Partner with engineering leads to prioritize findings by exploitability and business impact, and drive remediation within agreed SLAs

Penetration Testing & Vulnerability Management

  • Plan and execute internal penetration tests across web applications, APIs, cloud, and infrastructure; scope and oversee external pen test engagements
  • Manually validate findings to separate real risk from noise before they reach engineering backlogs
  • Own the vulnerability management lifecycle — from discovery through remediation to verified closure — and continuously tighten SLAs as maturity improves

SOC & Security Operations

  • Serve as a technical escalation point for security incidents; lead or support incident response — triage, containment, root cause analysis, and post-incident reviews
  • Improve detection and response capability through SIEM/SOAR rule tuning, informed directly by incident and threat intelligence learnings
  • Close the loop between offensive findings (pen test, threat model) and detective controls (SIEM/SOAR), so known risks are also monitored, not just documented

Security Automation

  • Build automation in Python (or equivalent) for security scanning, findings de-duplication, ticketing, and reporting workflows
  • Integrate security tooling across CI/CD and SOC operations to eliminate repetitive manual work and shorten detection-to-remediation time
  • Treat automation as a core deliverable, not a side project — every recurring manual security task is a candidate for a pipeline

Required Qualifications

  • 10-12 years of hands-on experience in Application Security and Security Engineering
  • Demonstrated, hands-on strength in:Threat modeling and secure architecture reviewMicroservice architecturePenetration testing[Web, API, Mobile] and vulnerability managementSAST, DAST, SCA, Containers, IaC including container/Kubernetes workload security..Software supply-chain security SOC operations and incident responseDevSecOps and CI/CD security integrationPython (or equivalent) scripting for security automation
  • Threat modeling and secure architecture review
  • Microservice architecture
  • Penetration testing[Web, API, Mobile] and vulnerability management
  • SAST, DAST, SCA, Containers, IaC including container/Kubernetes workload security..
  • Software supply-chain security
  • SOC operations and incident response
  • DevSecOps and CI/CD security integration
  • Python (or equivalent) scripting for security automation
  • Solid working knowledge of the OWASP Top 10, OWASP API Security Top 10, secure coding practices, and cloud security fundamentals
  • Capability to identify AI-specific vulnerabilities such as prompt injection, data poisoning, system prompt leakage, and insecure output handling.
  • Ability to read and understand code to identify vulnerabilities; proficiency in Java or Go (Golang) is a strong plus.
  • Strong communicator, able to influence engineering teams on remediation priority and translate technical risk into terms executives act on

Demonstrated, hands-on strength in:

  • Threat modeling and secure architecture review
  • Microservice architecture
  • Penetration testing[Web, API, Mobile] and vulnerability management
  • SAST, DAST, SCA, Containers, IaC including container/Kubernetes workload security..
  • Software supply-chain security
  • SOC operations and incident response
  • DevSecOps and CI/CD security integration
  • Python (or equivalent) scripting for security automation

Preferred Qualifications

  • Certifications: OSCP, OSWE, GWAPT, GPEN, CISSP, or equivalent
  • Experience securing AWS, Azure, or GCP environments, and Kubernetes/container workloads
  • Hands-on experience with SIEM/SOAR platforms (e.g., Splunk, Sentinel, XSOAR, or similar)
  • Familiarity with security maturity frameworks: OWASP SAMM, BSIMM, or NIST CSF
  • Exposure to securing AI/LLM implementations
Roles similares

Mantén una lista de respaldo.

Ver stack
FocoLead Security EngineerÁrea del rol
Señal de senioritySeniorNivel del candidato
StackAWS, Azure, CI/CDSkills principales
Ubicación1 país aceptadoElegibilidad

Stack

Usa estas tags para comparar roles remotos similares.

Elegibilidad de ubicación

Candidatos deberían aplicar solo cuando el país del perfil aparece aquí.

Tu perfilPaís no definidoInicia sesión para comparar tu país con este rol.

Flujo de contratación

WithMira muestra el rol y luego envía candidatos a la aplicación de la empresa.

1Revisa fit del rol, stack y elegibilidad de ubicación en WithMira.
2Abre la página de aplicación de la empresa desde el link rastreado.
3Guarda el rol o suscríbete a oportunidades similares antes de salir.