PLOY ASIA PTE. LTD.

Cloud Application Security Engineer

PLOY ASIA PTE. LTD., West Islip, New York, United States

About the role

As a Senior Security Engineer, you will lead the security effort on client projects, guiding teams on secure architecture, code, and infrastructure. You will work hands-on with developers and DevOps engineers to integrate security into the delivery process, and also support enterprise security needs when clients require compliance with frameworks like ISO 27001 or CIS controls.

This role is for someone who can switch between technical depth and broader security governance, i.e., someone who knows how to secure real-world systems and can confidently speak to risk, compliance, and best practices with both internal teams and client stakeholders.

What's on the offer

- Contract role, with a view to extension
- Location: Singapore, Onsite

RESPONSIBILITIES:

- Act as the security lead on key software delivery projects
- Review application and infrastructure designs with a security lens
- Guide teams in applying secure development practices (OWASP Top 10, SAST, DAST, SCA, secrets management, etc.)
- Collaborate with DevOps/DevSecOps engineers to secure CI/CD pipelines and Infrastructure as Code
- Recommend and implement cloud security best practices (AWS, Azure, GCP)
- Support client discussions around enterprise security and compliance needs (e.g., ISO 27001, CIS benchmarks, shared responsibility models)
- Translate security requirements into clear, actionable guidance for delivery teams
- Document risk assessments, mitigation strategies, and architecture decisions
- Contribute to internal knowledge sharing, playbooks, and upskilling the team

Experience required:

- You have 5–10 years of experience in security engineering, DevSecOps, or secure cloud architecture
- You're hands-on with modern application stacks and cloud-native infrastructure
- You're experienced with tools like SonarQube, Checkmarx, Snyk, GitHub Advanced Security, etc.
- You know your way around cloud security services (e.g., IAM, GuardDuty, Config, WAF, etc.) on AWS, Azure, or GCP
- You're confident engaging with clients on both technical implementation and enterprise security expectations
- You're familiar with security frameworks like ISO 27001, CIS controls, and data protection principles
- You're comfortable with documentation and policy reviews when needed (without being "just governance")
- You have strong communication skills and can tailor your message to devs, ops, or business folks
- CISSP or similar certifications are a plus
- Strong foundation in information security principles (CIA triad, threat modeling, access control, etc.)
- Ability to conduct or support:
  - Information security risk assessments
  - Risk treatment planning
  - Risk register maintenance
- Ability to align ISO 27001 with legal/regulatory requirements (PDPA)
- Perform internal ISMS audits
- Strong writing skills for:
  - Information Security Policies
  - Risk Treatment Plans
  - Audit reports
