Circles
Lead Security Engineer
Vaga remota de Lead Security Engineer com fit claro de localização do candidato.
Publicada11 de jul. de 2026
Países elegíveis1 país aceito
Sinal de senioridadeSenior
Modelo de trabalhoRemoto
Locais aceitos para candidatos
Estados Unidos
Resumo da vaga
Lead Security Engineer
Requisitos e responsabilidades
Conteúdo da vaga extraído em seções para revisão mais rápida.
Details
- Circles.Life: A wholly-owned digital lifestyle telco brand based in Singapore, Circles.Life is powered by Circles’ SaaS platform and pioneering go-to-market strategies. It is the digital market leader in Singapore and has won numerous awards for marketing, customer service, and innovative product offerings beyond connectivity.
- Circles Aspire: A global provider of Communications Platform-as-a-Service (CPaaS) solutions. Its cloud-based Experience Cloud platform enables enterprises, service providers and developers to deliver and scale mobile, messaging, IoT, and connectivity services worldwide.
- Jetpac: Specializing in travel tech solutions, Jetpac provides seamless eSIM roaming for over 200 destinations and innovative travel lifestyle products, redefining connectivity for digital travelers. Jetpac was awarded Travel eSIM of the Year.
Secure Architecture & Threat Modeling
- Lead threat modeling (STRIDE, PASTA, or equivalent) for new applications, features, and major platform changes
- Conduct security architecture reviews for applications, APIs, cloud infrastructure, and third-party services before go-live
- Define secure design patterns and reference architectures; provide hands-on security guidance at every stage of the SDLC, not just at release gates
Application & API Security
- Own the Application Security program end-to-end: SAST, DAST, SCA, and API security testing — tool selection, policy tuning, and triage workflows
- Integrate security testing natively into CI/CD pipelines and DevSecOps workflows so findings surface before merge, not after deploy
- Assess REST and GraphQL APIs against the OWASP API Security Top 10 (broken object/function-level authorization, excessive data exposure, rate limiting, business logic abuse)
- Partner with engineering leads to prioritize findings by exploitability and business impact, and drive remediation within agreed SLAs
Penetration Testing & Vulnerability Management
- Plan and execute internal penetration tests across web applications, APIs, cloud, and infrastructure; scope and oversee external pen test engagements
- Manually validate findings to separate real risk from noise before they reach engineering backlogs
- Own the vulnerability management lifecycle — from discovery through remediation to verified closure — and continuously tighten SLAs as maturity improves
SOC & Security Operations
- Serve as a technical escalation point for security incidents; lead or support incident response — triage, containment, root cause analysis, and post-incident reviews
- Improve detection and response capability through SIEM/SOAR rule tuning, informed directly by incident and threat intelligence learnings
- Close the loop between offensive findings (pen test, threat model) and detective controls (SIEM/SOAR), so known risks are also monitored, not just documented
Security Automation
- Build automation in Python (or equivalent) for security scanning, findings de-duplication, ticketing, and reporting workflows
- Integrate security tooling across CI/CD and SOC operations to eliminate repetitive manual work and shorten detection-to-remediation time
- Treat automation as a core deliverable, not a side project — every recurring manual security task is a candidate for a pipeline
Required Qualifications
- 10-12 years of hands-on experience in Application Security and Security Engineering
- Demonstrated, hands-on strength in:Threat modeling and secure architecture reviewMicroservice architecturePenetration testing[Web, API, Mobile] and vulnerability managementSAST, DAST, SCA, Containers, IaC including container/Kubernetes workload security..Software supply-chain security SOC operations and incident responseDevSecOps and CI/CD security integrationPython (or equivalent) scripting for security automation
- Threat modeling and secure architecture review
- Microservice architecture
- Penetration testing[Web, API, Mobile] and vulnerability management
- SAST, DAST, SCA, Containers, IaC including container/Kubernetes workload security..
- Software supply-chain security
- SOC operations and incident response
- DevSecOps and CI/CD security integration
- Python (or equivalent) scripting for security automation
- Solid working knowledge of the OWASP Top 10, OWASP API Security Top 10, secure coding practices, and cloud security fundamentals
- Capability to identify AI-specific vulnerabilities such as prompt injection, data poisoning, system prompt leakage, and insecure output handling.
- Ability to read and understand code to identify vulnerabilities; proficiency in Java or Go (Golang) is a strong plus.
- Strong communicator, able to influence engineering teams on remediation priority and translate technical risk into terms executives act on
Demonstrated, hands-on strength in:
- Threat modeling and secure architecture review
- Microservice architecture
- Penetration testing[Web, API, Mobile] and vulnerability management
- SAST, DAST, SCA, Containers, IaC including container/Kubernetes workload security..
- Software supply-chain security
- SOC operations and incident response
- DevSecOps and CI/CD security integration
- Python (or equivalent) scripting for security automation
Preferred Qualifications
- Certifications: OSCP, OSWE, GWAPT, GPEN, CISSP, or equivalent
- Experience securing AWS, Azure, or GCP environments, and Kubernetes/container workloads
- Hands-on experience with SIEM/SOAR platforms (e.g., Splunk, Sentinel, XSOAR, or similar)
- Familiarity with security maturity frameworks: OWASP SAMM, BSIMM, or NIST CSF
- Exposure to securing AI/LLM implementations
Vagas similares
Mantenha uma lista reserva.
Stack
Use estas tags para comparar vagas remotas similares.
Elegibilidade de localização
Candidatos devem aplicar apenas quando o país do perfil estiver listado aqui.
Seu perfilPaís não definidoEntre para comparar seu país com esta vaga.
Fluxo de contratação
O WithMira mostra a vaga e depois envia candidatos para a aplicação da empresa.
1Confira fit da vaga, stack e elegibilidade de localização no WithMira.
2Abra a página de aplicação da empresa pelo link rastreado.
3Salve a vaga ou assine oportunidades similares antes de sair.