Cloud Security Engineer

Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech).As a Trusted Partner over the last decade. ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services governance and assurance services as well as managed a dynamic digital & cyber landscape where trust & collaboration is key ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech government agencies and commercial partners to mitigate cyber risks and bolster security postures.

Responsibilities:

Cloud security engineering with product teams

• Act as the cloud security engineer embedded with product teams for systems under the CIOOs remit while sitting in a central security function that supports multiple product teams.
• Review cloud solution and infrastructure designs providing clear actionable security guidance on but not limited to:
• Account and landing zone patterns
• VPC and network segmentation
• Identity and access management (IAM)
• Data protection logging monitoring and workload security.
• Recommend and design security controls that are fit-for-purpose for each product balancing protection usability and delivery speed.
• Work closely with product and platform teams to embed security-by-design into architectures CI/CD pipelines and day-to-day engineering practices.
• Improve security posture on existing systems such as:
• Identifying control gaps via automated checks and design reviews
• Prioritising remediation actions
• Supporting teams in implementing improvements in a sustainable way.

Centralised cloud security capabilities

• Contribute to the design and implementation of centralised cloud security capabilities for systems under the CISOs remit including patterns and reference implementations for:
• Bring Your Own Keys (BYOK) Enterprise key vaults management patterns for product team workloads
• Cloud Privileged Access Management (PAM) including role design just-in-time access patterns and approval workflows.
• Provide hands-on configuration for AWS security services such as KMS certificate management and IAM to realise these patterns in live environments.
• Work with infra/platform teams to define how logs and security telemetry from AWS workloads are collected normalised and made available to central tooling (e.g. security analytics or observability platforms).

Control validation and automation

• Define and implement automated checks to validate that key cloud controls are in place and effective for example via:
• Infrastructure-as-code scanning
• Cloud configuration and posture management tools
• Automated policy checks in CI/CD pipelines.
• Translate control requirements into controls as code collaborating with engineering teams to implement them (e.g. Terraform modules guardrails or policy-as-code).
• Continuously refine automated checks based on new threats incident learnings and changes in GovTech requirements.

Stakeholder engagement and ways of working

• Partner closely with infra/platform teams and product teams to co-design secure patterns resolve design trade-offs and ensure secure adoption of cloud services.
• Operate in a hybrid 1st- and 2nd-line capacity:
• Embedded enough with delivery teams to help build and implement secure solutions
• Independent enough to challenge designs identify risks and recommend mitigations.
• Communicate complex cloud and security topics in clear outcome-focused language tailored to engineers architects and non-technical stakeholders.
• Provide regular concise updates to the CISO on key risks residual issues and progress on control uplift across systems under the CISOs remit.

• Experience: 35 years in cloud platform or cloud security engineering with strong security exposure and hands-on cloud project work (design implementation troubleshooting).
• Cloud security & IaC skills: Strong proficiency in Cloud (networking IAM KMS/BYOK logging/telemetry containers/serverless CI/CD) and IaC tools to design implement and automate cloud security controls.
• Controls & automation: Familiar with automated control validation (e.g. cloud posture checks IaC scanning pipeline-integrated checks) and expressing controls as code together with infra/platform and product teams.
• Qualifications & attributes: Cloud Solutions Architect and/or Cloud Security certifications strongly preferred; pragmatic outcome-focused individual contributor comfortable embedded with engineering teams while reporting directly to the CISO.

Join us and discover a meaningful and exciting career with Assurity Trusted Solutions!

The remuneration package will commensurate with your qualifications and experience. Interested applicants please click Apply Now.

We thank you for your interest and please note that only shortlisted candidates will be notified.

By submitting your application you agree that your personal data may be collected used and disclosed by Assurity Trusted Solutions Pte. Ltd. (ATS) GovTech and their service providers and agents in accordance with ATSs privacy statement which can be found at: or such other successor site.

• A wholly-owned subsidiary of GovTech.
• We promote a learning culture and encourage you to grow and learn.
• Contract Staff enjoys the same benefits as Permanent Employees.

Required Experience:

IC