Senior Cyber Security Engineer

About the role

We are seeking a Senior Cyber Security Engineer to serve as the first dedicated security engineer at Flo, leading the technical execution of application and cloud security across the organization.

You will work closely with Engineering and Platform (DevOps) teams to embed security into the software development lifecycle and cloud infrastructure. You will serve as the technical security leader for day-to-day security engineering, helping to scale secure practices as Flo expands across Singapore and Australia.

This role is ideal for someone who enjoys hands-on security engineering, technical leadership, and influencing teams through collaboration rather than authority.

What you'll do

As the Senior Cyber Security Engineer, you will focus on application and cloud security, while supporting the broader cybersecurity posture of the organization. As the first security engineer, you will play a key role in shaping how security is implemented in practice and how engineering teams engage with security.

Security Leadership & Enablement

• Act as the technical security lead for application and cloud security, partnering closely with Engineering and Platform teams.
• Work under the direction of the IT Security Manager to implement security strategy, priorities, and roadmaps.
• Establish and lead a Security Guild/security community of practice, creating a forum for shared learning and ownership of security across engineering.
• Work closely with developers and engineers to promote secure design, threat modeling, and secure coding practices.
• Influence architecture and technology decisions by providing pragmatic, risk-based security guidance.
• Champion security-by-design and security-by-default approaches while balancing delivery speed and usability.

Secure Development & Cloud Practices

• Collaborate with developers to embed secure coding practices and conduct code reviews for high-risk features.
• Conduct threat modeling and security architecture reviews for cloud-native apps and microservices.
• Integrate security scanning tools (SAST, DAST, SCA) into CI/CD pipelines.
• Collaborate with the Platform Team (DevOps) to secure containerized workloads (e.g., Docker, Kubernetes), infrastructure-as-code, and serverless applications.
• Work with the Platform Team to secure configuration across AWS accounts, including IAM, encryption, and network controls.
• Implement and manage Web Application Firewalls (WAFs) to protect applications from OWASP Top 10 vulnerabilities and other common attacks.

Threat Detection & Incident Response

• Monitor and investigate alerts using SIEM platforms, IDS/IPS, and cloud-native security tools (e.g., AWS GuardDuty, Security Hub).
• Support response to security incidents, including containment, recovery, and post-incident analysis.
• Maintain incident response plans, develop playbooks, and contribute to tabletop exercises.