Circles
Lead Security Engineer
Remote Lead Security Engineer role with clear candidate location fit.
PostedJul 11, 2026
Eligible countries1 accepted country
Seniority signalSenior
Work settingRemote
Accepted candidate locations
USA
Role overview
Lead Security Engineer
Requirements and responsibilities
Readable role content extracted into sections for faster review.
Details
- Circles.Life: A wholly-owned digital lifestyle telco brand based in Singapore, Circles.Life is powered by Circles’ SaaS platform and pioneering go-to-market strategies. It is the digital market leader in Singapore and has won numerous awards for marketing, customer service, and innovative product offerings beyond connectivity.
- Circles Aspire: A global provider of Communications Platform-as-a-Service (CPaaS) solutions. Its cloud-based Experience Cloud platform enables enterprises, service providers and developers to deliver and scale mobile, messaging, IoT, and connectivity services worldwide.
- Jetpac: Specializing in travel tech solutions, Jetpac provides seamless eSIM roaming for over 200 destinations and innovative travel lifestyle products, redefining connectivity for digital travelers. Jetpac was awarded Travel eSIM of the Year.
Secure Architecture & Threat Modeling
- Lead threat modeling (STRIDE, PASTA, or equivalent) for new applications, features, and major platform changes
- Conduct security architecture reviews for applications, APIs, cloud infrastructure, and third-party services before go-live
- Define secure design patterns and reference architectures; provide hands-on security guidance at every stage of the SDLC, not just at release gates
Application & API Security
- Own the Application Security program end-to-end: SAST, DAST, SCA, and API security testing — tool selection, policy tuning, and triage workflows
- Integrate security testing natively into CI/CD pipelines and DevSecOps workflows so findings surface before merge, not after deploy
- Assess REST and GraphQL APIs against the OWASP API Security Top 10 (broken object/function-level authorization, excessive data exposure, rate limiting, business logic abuse)
- Partner with engineering leads to prioritize findings by exploitability and business impact, and drive remediation within agreed SLAs
Penetration Testing & Vulnerability Management
- Plan and execute internal penetration tests across web applications, APIs, cloud, and infrastructure; scope and oversee external pen test engagements
- Manually validate findings to separate real risk from noise before they reach engineering backlogs
- Own the vulnerability management lifecycle — from discovery through remediation to verified closure — and continuously tighten SLAs as maturity improves
SOC & Security Operations
- Serve as a technical escalation point for security incidents; lead or support incident response — triage, containment, root cause analysis, and post-incident reviews
- Improve detection and response capability through SIEM/SOAR rule tuning, informed directly by incident and threat intelligence learnings
- Close the loop between offensive findings (pen test, threat model) and detective controls (SIEM/SOAR), so known risks are also monitored, not just documented
Security Automation
- Build automation in Python (or equivalent) for security scanning, findings de-duplication, ticketing, and reporting workflows
- Integrate security tooling across CI/CD and SOC operations to eliminate repetitive manual work and shorten detection-to-remediation time
- Treat automation as a core deliverable, not a side project — every recurring manual security task is a candidate for a pipeline
Required Qualifications
- 10-12 years of hands-on experience in Application Security and Security Engineering
- Demonstrated, hands-on strength in:Threat modeling and secure architecture reviewMicroservice architecturePenetration testing[Web, API, Mobile] and vulnerability managementSAST, DAST, SCA, Containers, IaC including container/Kubernetes workload security..Software supply-chain security SOC operations and incident responseDevSecOps and CI/CD security integrationPython (or equivalent) scripting for security automation
- Threat modeling and secure architecture review
- Microservice architecture
- Penetration testing[Web, API, Mobile] and vulnerability management
- SAST, DAST, SCA, Containers, IaC including container/Kubernetes workload security..
- Software supply-chain security
- SOC operations and incident response
- DevSecOps and CI/CD security integration
- Python (or equivalent) scripting for security automation
- Solid working knowledge of the OWASP Top 10, OWASP API Security Top 10, secure coding practices, and cloud security fundamentals
- Capability to identify AI-specific vulnerabilities such as prompt injection, data poisoning, system prompt leakage, and insecure output handling.
- Ability to read and understand code to identify vulnerabilities; proficiency in Java or Go (Golang) is a strong plus.
- Strong communicator, able to influence engineering teams on remediation priority and translate technical risk into terms executives act on
Demonstrated, hands-on strength in:
- Threat modeling and secure architecture review
- Microservice architecture
- Penetration testing[Web, API, Mobile] and vulnerability management
- SAST, DAST, SCA, Containers, IaC including container/Kubernetes workload security..
- Software supply-chain security
- SOC operations and incident response
- DevSecOps and CI/CD security integration
- Python (or equivalent) scripting for security automation
Preferred Qualifications
- Certifications: OSCP, OSWE, GWAPT, GPEN, CISSP, or equivalent
- Experience securing AWS, Azure, or GCP environments, and Kubernetes/container workloads
- Hands-on experience with SIEM/SOAR platforms (e.g., Splunk, Sentinel, XSOAR, or similar)
- Familiarity with security maturity frameworks: OWASP SAMM, BSIMM, or NIST CSF
- Exposure to securing AI/LLM implementations
Similar roles
Keep a backup shortlist.
AWS, Kubernetes 13 accepted countries
Senior Backend Engineer (AdTech)Leap ToolsView role AWS, Kubernetes 13 accepted countries
Senior Backend EngineerLeap ToolsView role Java, Python USA
Application Security Engineer (Tech Lead)Morgan StanleyView role Java, Python USA
Software EngineerMorgan StanleyView role Stack
Use these tags to compare similar remote roles.
Location eligibility
Candidates should apply only when their profile country is listed here.
Your profileCountry not setSign in to check your country against this role.
Hiring flow
WithMira shows the role, then sends candidates to the company application.
1Check role fit, stack, and location eligibility in WithMira.
2Open the company application page from the tracked apply link.
3Save the role or subscribe for similar opportunities before leaving.