Senior Security Engineer

WHO WE ARE:

Build. Scale. Sustain.

PALO IT is a global technology consultancy that crafts tech as a force for good. We design, develop and scale digital and sustainable products and services to unlock value across the triple bottom line: people, planet, profit. We do the right thing, and we do it right. We're proud to be a World Economic Forum New Champion, and a B Corp-certified company.

• We are small enough to care locally, big enough to deliver globally (5 continents, 18 offices, +650 experts from +50 nationalities)
• We are robust and resilient (100% independent and 0 debt)
• We are entrepreneurs and passionate experts: We invest in what we believe genuinely and work as a collective intelligence
• We are positive, courageous, caring, doers and committed to excellence

YOUR ROLE:
As a Senior Security Engineer, you will lead the security effort on client projects — guiding teams on secure architecture, code, and infrastructure. You will work hands-on with developers and DevOps engineers to integrate security into the delivery process, and also support enterprise security needs when clients require compliance with frameworks like ISO 27001 or CIS controls.

This role is for someone who can switch between technical depth and broader security governance ie. someone who knows how to secure real-world systems and can confidently speak to risk, compliance, and best practices with both internal teams and client stakeholders.

YOUR RESPONSIBILITIES:

• Act as the security lead on key software delivery projects
• Review application and infrastructure designs with a security lens
• Guide teams in applying secure development practices (OWASP Top 10, SAST, DAST, SCA, secrets management, etc.)
• Collaborate with DevOps/DevSecOps engineers to secure CI/CD pipelines and Infrastructure as Code
• Recommend and implement cloud security best practices (AWS, Azure, GCP)
• Support client discussions around enterprise security and compliance needs (e.g., ISO 27001, CIS benchmarks, shared responsibility models)
• Translate security requirements into clear, actionable guidance for delivery teams
• Document risk assessments, mitigation strategies, and architecture decisions
• Contribute to internal knowledge sharing, playbooks, and upskilling the team

WHO YOU ARE:

• You have 5–10 years of experience in security engineering, DevSecOps, or secure cloud architecture
• You’re hands-on with modern application stacks and cloud-native infrastructure
• You’re experienced with tools like SonarQube, Checkmarx, Snyk, GitHub Advanced Security, etc.
• You know your way around cloud security services (e.g., IAM, GuardDuty, Config, WAF, etc.) on AWS, Azure, or GCP
• You’re confident engaging with clients on both technical implementation and enterprise security expectations
• You’re familiar with security frameworks like ISO 27001, CIS controls, and data protection principles
• You’re comfortable with documentation and policy reviews when needed (without being "just governance")
• You have strong communication skills and can tailor your message to devs, ops, or business folks
• CISSP or similar certifications are a plus

We will be prioritizing applicants who have a current right to work in Singapore, and do not require sponsorship of a visa.

MORE ABOUT PALO IT:

We’re eager to adapt to change, learn from our experiences and move to meet our planet’s urgent needs. We are continuously taking action to:

• Become a climate net-zero company
• Attain 50% of revenue from projects with a positive impact
• Train 100% of our workforce on impact
• Achieve B Corp certification among all our offices across the globe
• Continuously measure & improve employee happiness

Our clients are amongst the world's most successful companies. We innovate with both established Fortune 1000s, SMEs and start-ups who aim to make an impact, become global leaders and address the world's most complex challenges.

What We Offer

• Stimulating working environments
• Unique career path
• International mobility
• Internal R&D projects
• Knowledge sharing
• Personalized training

For more on our team culture and benefits, check out our careers page.

PALO IT Singapore is an equal opportunity employer. Employment decisions will be based on merit, qualifications and abilities. Palo IT SG does not discriminate in employment opportunities or practices on the basis of race, colour, religion, sex, sexuality, national origin, age, disability, marital status or any other characteristics protected by law.

Protecting your privacy and the security of your data are longstanding top priorities for Palo-IT.

Your personal data will be processed for the purposes of managing Palo-IT’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results, and as is otherwise needed in the recruitment and hiring processes.

Please consult our Privacy Notice to know more about how we collect, use, and transfer the personal data of our candidates. Here you can find how you can request for access, correction and/or withdrawal of your Personal Data.