Senior Cybersecurity / DevSecOps Consultant at OLLION PTE LTD
Singapore, Singapore
Full Time


Start Date

Immediate

Expiry Date

15 Nov, 25

Salary

0.0

Posted On

16 Aug, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Privacy Regulations, Software Development, Application Security, OSCP, CCSP, Cloud Security, CISSP, Security Controls, Microsoft

Industry

Information Technology/IT

Description

JOB DESCRIPTION

We are looking for an experienced and forward-thinking Senior Cybersecurity / DevSecOps Consultant to join our Singapore team. In this role, you will lead security initiatives across the software development lifecycle, drive secure DevSecOps practices, and enhance the organization’s cyber resilience through proactive governance, technical assurance, and automation. The ideal candidate has deep technical expertise, strong stakeholder engagement capabilities, and a passion for integrating security into agile, cloud, and DevOps environments.

Key Responsibilities

  • Lead Agile Threat Modelling engagements, embedding security into agile workflows and DevOps processes.
  • Review and improve security processes, identifying gaps in Change Management, Business Continuity Planning, Incident Response, Patch Management, and Risk Assessment & Mitigation.
  • Conduct security architecture reviews across on-prem and cloud environments; provide risk-informed guidance to solution architects and delivery teams.
  • Implement and manage an enterprise-level vulnerability management program, integrating scanning, triage, and remediation workflows.
  • Build, secure, and maintain DevSecOps pipelines, integrating SAST, DAST, dependency scanning, and IaC security tools.
  • Define and drive Governance, Risk, and Compliance (GRC) strategy and operations in alignment with internal policies and industry standards (e.g., NIST, ISO 27001).
  • Conduct source code reviews and support secure coding practices within development teams.
  • Guide implementation of data protection controls, including data inventory, classification, and access governance.
  • Provide security guidance for cloud-native services (AWS, Azure, GCP), leveraging cloud security controls and monitoring tools.
  • Collaborate with internal red teams or third-party vendors on penetration testing and post-test remediation.
  • Act as a security advisor to cross-functional teams, fostering a culture of security and ownership across the technology organization.
  • Lead stakeholder engagement to enforce adherence to security standards and promote a risk-aware culture.

QUALIFICATIONS

  • 7+ years of experience in cybersecurity, including roles focused on application security, DevSecOps, cloud security, or risk management.
  • Strong expertise in secure software development, agile threat modelling, and SDLC security integration.
  • Proven ability to lead DevSecOps adoption in complex CI/CD environments.
  • Practical experience with cloud platforms (AWS, Azure, or GCP) and associated security best practices.
  • Strong knowledge of vulnerability management tools, SAST/DAST scanners, IaC analysis, and source code review techniques.
  • Solid understanding of data protection, privacy regulations, and security controls for data lifecycle management.
  • Familiar with GRC frameworks (e.g., ISO 27001, NIST CSF, CIS Benchmarks) and able to implement security policies in alignment with them.
  • Strong collaboration, communication, and influence skills across technical and business teams.

Preferred Certifications

  • OSCP, OSWE – Offensive Security certifications
  • AWS Certified Security – Specialty, Microsoft AZ-500, Google Professional Cloud Security Engineer
  • CCSP – Certified Cloud Security Professional
  • CISSP – Certified Information Systems Security Professional
  • Practical DevSecOps Professional/Expert
