Cloud Security Engineer

Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade. ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services, governance and assurance services as well as managed processes. In a dynamic digital & cyber landscape where trust & collaboration is key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures.

Responsibilities:

Cloud security engineering with product teams

• Act as the cloud security engineer embedded with product teams for systems under the CIOO’s remit, while sitting in a central security function that supports multiple product teams.
• Review cloud solution and infrastructure designs, providing clear, actionable security guidance on, but not limited to:
• Account and landing zone patterns,
• VPC and network segmentation,
• Identity and access management (IAM),
• Data protection, logging, monitoring, and workload security.

• Recommend and design security controls that are fit-for-purpose for each product, balancing protection, usability, and delivery speed.
• Work closely with product and platform teams to embed security-by-design into architectures, CI/CD pipelines, and day-to-day engineering practices.
• Improve security posture on existing systems such as:
• Identifying control gaps via automated checks and design reviews,
• Prioritising remediation actions,
• Supporting teams in implementing improvements in a sustainable way.

Centralised cloud security capabilities

• Contribute to the design and implementation of centralised cloud security capabilities for systems under the CISO’s remit, including patterns and reference implementations for:
• Bring Your Own Keys (BYOK), Enterprise key vaults management patterns for product team workloads,
• Cloud Privileged Access Management (PAM), including role design, just-in-time access patterns, and approval workflows.

• Provide hands-on configuration for AWS security services such as KMS, certificate management, and IAM to realise these patterns in live environments.
• Work with infra/platform teams to define how logs and security telemetry from AWS workloads are collected, normalised, and made available to central tooling (e.g. security analytics or observability platforms).

Control validation and automation

• Define and implement automated checks to validate that key cloud controls are in place and effective, for example via:
• Infrastructure-as-code scanning,
• Cloud configuration and posture management tools,
• Automated policy checks in CI/CD pipelines.

• Translate control requirements into “controls as code”, collaborating with engineering teams to implement them (e.g. Terraform modules, guardrails, or policy-as-code).
• Continuously refine automated checks based on new threats, incident learnings, and changes in GovTech requirements.

Stakeholder engagement and ways of working

• Partner closely with infra/platform teams and product teams to co-design secure patterns, resolve design trade-offs, and ensure secure adoption of cloud services.
• Operate in a hybrid 1st- and 2nd-line capacity:
• Embedded enough with delivery teams to help build and implement secure solutions,
• Independent enough to challenge designs, identify risks, and recommend mitigations.

• Communicate complex cloud and security topics in clear, outcome-focused language tailored to engineers, architects, and non-technical stakeholders.
• Provide regular, concise updates to the CISO on key risks, residual issues, and progress on control uplift across systems under the CISO’s remit.

Requirements:
• Experience: 3–5 years in cloud platform or cloud security engineering, with strong security exposure and hands-on cloud project work (design, implementation, troubleshooting).
• Cloud security & IaC skills: Strong proficiency in Cloud (networking, IAM, KMS/BYOK, logging/telemetry, containers/serverless, CI/CD) and IaC tools to design, implement, and automate cloud security controls.
• Controls & automation: Familiar with automated control validation (e.g. cloud posture checks, IaC scanning, pipeline-integrated checks) and expressing controls as code together with infra/platform and product teams.
• Qualifications & attributes: Cloud Solutions Architect and/or Cloud Security certifications strongly preferred; pragmatic, outcome-focused individual contributor, comfortable embedded with engineering teams while reporting directly to the CISO.

Join us and discover a meaningful and exciting career with Assurity Trusted Solutions!

The remuneration package will commensurate with your qualifications and experience. Interested applicants, please click "Apply Now".

We thank you for your interest and please note that only shortlisted candidates will be notified.

By submitting your application, you agree that your personal data may be collected, used and disclosed by Assurity Trusted Solutions Pte. Ltd. (ATS), GovTech and their service providers and agents in accordance with ATS’s privacy statement which can be found at: https://www.assurity.sg/ or such other successor site.

Benefits:
• A wholly-owned subsidiary of GovTech.
• We promote a learning culture and encourage you to grow and learn.
• Contract Staff enjoys the same benefits as Permanent Employees.