Cybersecurity Principal Engineer (Ref 26451)

Responsibilities

Security Architecture & Design:

• Develop and maintain secure architectures for on-premises, hybrid, and multi-cloud environments (Azure, GCP, etc).

•  Design multi-layered security for on-premises, air-gapped environments, including network segmentation, firewall policies, intrusion detection/prevention systems (IDS/IPS), centralized logging and auditing, access control best practices, and secure key management.

• Configure security controls, including network firewalls, VLANs, and access policies, ensuring alignment with compliance frameworks (CIS Benchmarks, IM8, NIST, ISO 27001)

Technical Leadership: 

• Serve as a subject matter expert, mentoring junior engineers and leading cross-functional teams on advanced security projects.

• Guide adoption of best practices for network, cloud, and application security.

Threat & Vulnerability Management: 

• Lead penetration testing, red teaming, and proactive threat modeling to identify and mitigate risks.

• Maintain and monitor firewalls (Fortigate, Palo Alto), intrusion detection/prevention systems (IDS/IPS), VPNs, PAM solutions, and SIEM systems.

• Monitor and analyze security logs and alerts in real-time to detect and respond to incidents.

Incident Response: 

• Lead response teams during security breaches, performing root cause analysis and ensuring timely remediation. 

• Develop and implement protocols to reduce security incidents and enhance organizational resilience.

Governance, Risk & Compliance (GRC): 

• Ensure systems comply with regulatory and internal standards, including NIST, ISO 27001, and Singapore’s CII requirements. 

• Conduct regular audits and vulnerability assessments, documenting security posture and risk mitigation.

Solution Evaluation: 

• Conduct PoCs for emerging security technologies to ensure business alignment. 

• Deploy and optimize AWS-native security services (IAM, KMS, Shield, WAF) and third-party solutions to strengthen detection, prevention, and response capabilities.

Requirements

• 8–12+ years in cybersecurity, with 3–5 years in senior technical leadership or architectural roles.

• Deep experience with cloud security (AWS, Azure, GCP) and on-premises network security.

• Strong hands-on knowledge of firewalls, IDS/IPS, VPNs, PAM, SIEM, and endpoint protection systems.

• Proficient in incident response, threat detection, and security monitoring.

• Proven ability to influence stakeholders, mentor teams, and communicate complex security concepts effectively. 

• CISSP required; additional certifications (CISM, CISA, AWS Security Specialty) are a plus.

Licence no: 12C6060