VP, AI Security Engineer, Technology Group

Location:Singapore

Job Function:Technology Group

Job Type:Permanent

Req ID:17139

About GIC
GIC is one of the worlds largest sovereign wealth funds. With over 2000 employees across 11 locations around the world we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the worlds industry leaders. As a leading global long-term investor we work at the Point of Impact for Singapores financial future and the communities we invest in worldwide.

Technology Group
We experiment design and lead a 247 global business where we support core capabilities in asset management trading investment operations and risk management. We deliver secure reliable and integrated solutions and provide insights on new and emerging technologies.

Strategy Architecture and Transformation Group
The Strategy Architecture & Transformation (SAT) group shapes and drives GICs technology strategy ensuring alignment with business priorities and enterprise goals. Bringing together expertise in strategy architecture engineering and transformation the team strengthens governance promotes consistency and accelerates delivery across the Technology Group. Through modern practices and close collaboration SAT leads the development of an architectural strategy that reinforces oversight and accountability while enabling reliable scalable solutions and informed decision making across the Technology Group and more broadly across GIC.

AI Engineering
The AI Engineering team within SAT is driving GICs transformation from AI-enabled to AI-native. We build and operate the foundational AI platform gateway agent runtime agentic IAM memory observability and more so that every team across GIC can develop and deploy AI agents that are secure observable and production-grade.

What impact can you make in this role

Autonomous agents introduce a fundamentally different threat model: software that dynamically decides what to access composes actions unpredictably processes untrusted inputs and operates at machine speed. Traditional security patterns assume human actors you will design the security architecture for a world where they dont.

As the AI Security Engineer you will be the teams subject-matter expert on both AI-specific and traditional security responsible for the security posture of every service the AI Engineering team builds. You will design and drive the implementation of the agentic IAM layer agent identity composite identity (user agent tool) policy-driven authorisation secret management and blast-radius control and embed security into every platform capability: the gateway agent runtime memory and observability.

You will work closely with enterprise security teams Cybersecurity Engineering Cybersecurity Assurance & Defence and IAM Engineering to co-design the identity model policy framework and secret management patterns that make autonomous agents governable. Where enterprise solutions exist you translate them into detailed design and implementation for the AI platform. Where they are still being built you bridge the gap with interim frameworks and tooling so the team is never left unprotected.

You will partner with the AI Site Reliability Engineer to ensure the platform is both resilient and secure inseparable concerns and work with the core AI platform squad to make every service SDK and tool secure by design: threat models before architecture reviews policy-as-code before deployment and automated compliance checks before release.

You are not a security auditor reviewing after the fact. You are a hands-on security engineer who writes policy builds identity frameworks implements controls and raises the security bar for the entire engineering squad mentoring and equipping the team to do the same.

This is a platform security engineering role embedded within the AI Engineering team not an enterprise cybersecurity function. Enterprise Cybersecurity Engineering owns the organisation-wide strategy threat intelligence and assurance standards; you engineer those standards into the AI platform.

Your Impact:

• Enable agentic IAM with enterprise IAM Engineering architect the agent identity model (composite identity: user agent tool) session scoping delegation chains and identity propagation across the full call chain
• Implement policy-as-code stand up the policy engine (Cedar / Amazon Verified Permissions preferred; OPA / Rego for cross-platform needs) enforcing zero-trust authorisation action risk tiers toxic combination detection and blast-radius controls
• Own the AI threat model identify document and mitigate AI-specific attack surfaces: prompt injection tool poisoning agent hijacking privilege escalation data exfiltration and model manipulation
• Secure the gateway embed controls for content-safety filtering jailbreak mitigation credential injection prevention and per-request policy evaluation
• Bridge enterprise and platform security translate enterprise baselines (network segmentation SIEM integration vulnerability management incident response) into AI-platform-specific implementations
• Partner on resilience design scoped sessions kill switches and deployment safety controls with the AI Site Reliability Engineer
• Ensure the platform is secure by design embed threat modelling scanning policy validation and compliance checks into CI/CD and deployment pipelines
• Build the security framework for the squad define standards review checklists secure coding guidelines and incident response playbooks
• Manage agent secrets design the agent secret broker for just-in-time credential issuance scoped access and automatic revocation

What will you do as an AI Security Engineer

You will design and implement the security architecture for the AI platform embedding zero-trust principles and agentic identity management into every layer of the stack. You will:

• Architect and implement the agentic IAM layer and policy-as-code engine
• Develop and maintain the AI-specific threat model and mitigation strategies
• Collaborate with enterprise cybersecurity and IAM teams to align standards and tooling
• Embed security controls into the AI gateway runtime and memory systems
• Integrate security scanning validation and compliance automation into CI/CD pipelines
• Partner with the AI Site Reliability Engineer to ensure resilience and security reinforce each other
• Mentor engineers on secure development practices and lead by example through hands-on implementation
• Build interim security frameworks and tooling where enterprise solutions are still evolving

.

What makes you a successful candidate

• Must Have:
  • 8 years in security engineering application security or platform security with at least 2 years in a lead role responsible for platform or product security architecture
  • Deep security engineering expertise hands-on in threat modelling secure architecture review penetration testing and incident response
  • Zero-trust architecture experience designing per-request verification least-privilege access micro-segmentation and ABAC-based systems
  • Cloud-native workload identity hands-on with AWS workload identity (EKS Pod Identity / IRSA IAM Identity Center SCIM IAM Roles Anywhere)
  • Policy-as-code production experience with Cedar / Amazon Verified Permissions or OPA / Rego
  • Cloud security (AWS preferred) IAM EKS KMS Secrets Manager GuardDuty Security Hub WAF and VPC security
  • CI/CD security embedding SAST DAST dependency and container scanning secrets detection and policy gates
  • Hands-on coding proficiency in Python building security tooling policy integrations and prototypes
  • Proven experience partnering with enterprise security teams and translating standards into platform implementations

• Nice to Have:
  • Experience with AI/ML security prompt injection defence content-safety filtering model poisoning detection and adversarial robustness
  • Familiarity with agentic systems and their unique security challenges
  • Experience with SPIFFE / SPIRE and platform-agnostic workload identity
  • Background in trusted identity propagation and data access control frameworks
  • Expertise in secret management architectures (Vault AWS Secrets Manager)
  • Experience designing data classification and access control frameworks
  • Familiarity with MCP and its security considerations
  • Exposure to compliance frameworks (MAS TRM ISO 27001 SOC 2 NIST AI RMF)
  • Contributions to open-source security tooling or published research

• Mindset & Working Style:
  • Secure by design not by audit security is architected in not bolted on
  • Hands-on leader you lead by building and mentoring
  • Bridge builder you collaborate seamlessly across enterprise and platform teams
  • Pragmatic risk thinker you calibrate controls to risk and make trade-offs explicit
  • Strong communicator you can explain threat models write clear documentation and mentor effectively
  • Builder at heart you thrive in early-stage environments defining foundational security architecture

Work at the Point of Impact
We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious agile and diverse teams - be empowered to push boundaries and pursue innovative ideas share your views and be heard. Be anchored on our PRIME Values: Prudence Respect Integrity Merit and Excellence which guides us in how we make our day-to-day decisions. We strive to inspire. To make an impact.

Flexibility at GIC
At GIC our offices are vibrant hubs for ideation professional growth and interpersonal connection. At the same time we believe that flexibility allows us to do our best work and be our best selves. Thus our teams come into the office four days per week to harness the benefits of in-person collaboration but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise.

GIC is an equal opportunity employer
GIC is an equal opportunity employer and we value diversity. We do not discriminate based on race religion color national origin sex gender gender expression sexual orientation age marital status veteran status or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process to perform essential job functions and to receive other benefits and privileges of employment.

Learn more about our Technology Group here:
Experience:

Exec