jobs in NEXadept

NEXadept Hiring! Full Time Senior Security Engineer in - Ricebowl

Senior Security Engineer

NEXadept

Undisclosed

Singapore

Share
Save

Working Location

  • Singapore Singapore

Job Description

Responsibilities

About the Role

Our client is a fast-growing AI technology company building innovative AI products and intelligent hardware for a global user base. They are looking for a Senior Security Engineer to help build and scale their security capabilities.


What you will do

You will own one or more of the following security domains. Deep expertise in 1-2 areas is what we look for — you don't need to cover all six. Tell us your primary domain(s) when you apply

  • 1. Cloud & Infrastructure Security Secure Plaud's AWS/GCP environments: remediate credential exposure, deploy CSPM, embed IaC security gates (Checkov/Terraform in CI/CD), and implement Zero Standing Privileges (JIT/CIEM)
  • 2. Data Security Build the data protection foundation: design L1-L5 classification for audio/transcription/PII, map data flows, implement WORM access audit logs, and govern Snowflake/database permissions
  • 3. Application Security & AI Security Own secure SDLC: integrate SAST/DAST into CI/CD, defend against Prompt Injection and LLM threats (OWASP LLM Top 10), and conduct security reviews for product releases
  • 4. Hardware & Firmware Security Validate Plaud's hardware (Sigma) against EN 18031: own Secure Boot, OTA dual-key signing, PKI lifecycle, HBOM+CVE supply chain scanning, and PSIRT operations
  • 5. Security Operations Build and run the SIEM platform (30+ MITRE ATT&CK-mapped detection rules), establish IR playbooks, own MTTD/MTTR metrics, and produce monthly security reports for leadership
  • 6. Enterprise IT Security Drive 100% EDR and MDM coverage, roll out Okta SSO/SCIM across the SaaS stack, and build a measurable security awareness program alongside the IT team


Requirement

  • 1. 5+ years of hands-on security engineering experience with deep expertise in at least one domain: cloud security (AWS/GCP, CSPM, IAM), data security (classification, DLP, audit logging), application/AI security (SAST, DAST, LLM/Prompt Injection), hardware/firmware security (embedded systems, PKI, EN 18031), security operations (SIEM, IR, SOAR), or enterprise IT security (EDR, MDM, IdP/SSO)
  • 2. Proven ability to build security controls from zero in a fast-moving environment — scoping work, selecting tools, and delivering independently without a pre-existing framework
  • 3. Cross-domain awareness: even if your depth is in 1-2 areas, you can reason about how cloud, data, product, hardware, and operational security interlock — and communicate risk clearly to engineering and leadership
  • 4. Familiarity with relevant standards and frameworks as applicable to your domain: NIST CSF, CIS Benchmarks, OWASP / OWASP LLM Top 10, MITRE ATT&CK, SOC 2, ISO 27001, EN 18031, GDPR/PIPL
  • 5. Experience using AI tools (LLM-assisted triage, automated CSPM, AI coding tools) to amplify security output — or genuine curiosity to adopt them in your workflow

Important Information

Never provide your bank or credit card details when applying for jobs. Do not transfer any money or complete unrelated online surveys. If you see something suspicious, Report this Job ad.

Learn More