Information Technology Security Specialist
Job post no longer accepts applications
SAMOOHA (S) PTE. LTD.
15 days ago
Posted date15 days ago
N/A
Minimum levelN/A
EngineeringJob category
Engineering#### Introduction
We are a small, independent technology company focused on delivering secure, high-quality software and infrastructure solutions. As a fully remote team, we offer a high degree of flexibility-our team members manage their own time and working style, as long as responsibilities are met. While we operate asynchronously, we value availability for collaboration across time zones from GMT+1 to GMT+8 when needed.
We're not looking for someone to just follow instructions-we're looking for a strategic thinker. Everyone here contributes to shaping the direction of our projects and the company as a whole. If you thrive in a low-ego, high-autonomy environment and want to grow *with* the company-not just in it-you'll fit right in.
From a technical perspective, we value individual strengths and areas of expertise, but we do not work in silos. Everyone is expected to engage across the stack-from infrastructure and security to application code-according to the needs of the project. We believe this approach creates a more resilient team and a deeper sense of ownership over the work we deliver.
#### Who we are looking for
We're looking for a security-focused technologist who is comfortable working across the stack and across disciplines. You should have deep expertise in information security-but also the curiosity and initiative to contribute to infrastructure, development, and tooling when needed.
You'll be expected to take ownership of our security posture while actively collaborating with the broader team on architecture and implementation decisions. A key part of the role will be to lead the implementation of security compliance programs such as SOC 2, which are required to onboard and retain corporate clients.
In addition, we are looking for someone with proven hands-on experience in software development as well. Beyond understanding cybersecurity principles and frameworks, the ideal candidate should have practical coding skills and experience contributing directly to the codebase.
This role is ideal for someone who wants to build, not just implement; who enjoys both strategy and execution; and who is looking to make a long-term impact in a company that prioritizes autonomy, clarity, and trust.
#### Reponsabilities
- Design, implement, and own the company's cybersecurity strategy, risk management, and compliance programs (SOC 2, ISO 27001, GDPR, and others).
- Define and maintain security policies, standards, and operational procedures.
- Work closely with development teams to design and maintain secure architecture, cloud infrastructure, and internal security tooling.
- Contribute directly to the development of security-critical features, secure APIs, automation scripts, and internal monitoring tools, with a focus on JavaScript (Node.js), Java and Clojure environments.
- Conduct security reviews of codebases, applications, and cloud environments, identifying and mitigating vulnerabilities.
- Lead incident response planning, vulnerability management, security audits, and third-party vendor security assessments.
- Train and mentor technical and non-technical teams on security awareness and secure development practices.
- Represent security posture to executives, clients, and auditors.
- Plan and build the future security team as the company grows.
#### Requirements
- Proven experience leading cybersecurity initiatives, including SOC 2 and ISO 27001 certifications.
- Strong technical background with proven ability to read, write, and review production code (preferably in JavaScript/Node.js and Clojure).
- Practical experience in application security, secure software development lifecycle (SSDLC), and cloud-native security architecture (AWS).
- Excellent communication skills, with the ability to translate technical risks into business impact.
- Relevant certifications are a plus (e.g., CISSP, OSCP, CISM, ISO 27001 Lead Implementer).
- Experience working in small or early-stage teams, with a demonstrated ability to operate autonomously and take ownership.
- Familiarity with security tooling and automation across the CI/CD pipeline.
- Experience interfacing with external stakeholders such as clients, auditors, or regulatory bodies.
- Understanding of privacy regulations and how they intersect with security (e.g., PDPA, GDPR, PCI-DSS).
We are a small, independent technology company focused on delivering secure, high-quality software and infrastructure solutions. As a fully remote team, we offer a high degree of flexibility-our team members manage their own time and working style, as long as responsibilities are met. While we operate asynchronously, we value availability for collaboration across time zones from GMT+1 to GMT+8 when needed.
We're not looking for someone to just follow instructions-we're looking for a strategic thinker. Everyone here contributes to shaping the direction of our projects and the company as a whole. If you thrive in a low-ego, high-autonomy environment and want to grow *with* the company-not just in it-you'll fit right in.
From a technical perspective, we value individual strengths and areas of expertise, but we do not work in silos. Everyone is expected to engage across the stack-from infrastructure and security to application code-according to the needs of the project. We believe this approach creates a more resilient team and a deeper sense of ownership over the work we deliver.
#### Who we are looking for
We're looking for a security-focused technologist who is comfortable working across the stack and across disciplines. You should have deep expertise in information security-but also the curiosity and initiative to contribute to infrastructure, development, and tooling when needed.
You'll be expected to take ownership of our security posture while actively collaborating with the broader team on architecture and implementation decisions. A key part of the role will be to lead the implementation of security compliance programs such as SOC 2, which are required to onboard and retain corporate clients.
In addition, we are looking for someone with proven hands-on experience in software development as well. Beyond understanding cybersecurity principles and frameworks, the ideal candidate should have practical coding skills and experience contributing directly to the codebase.
This role is ideal for someone who wants to build, not just implement; who enjoys both strategy and execution; and who is looking to make a long-term impact in a company that prioritizes autonomy, clarity, and trust.
#### Reponsabilities
- Design, implement, and own the company's cybersecurity strategy, risk management, and compliance programs (SOC 2, ISO 27001, GDPR, and others).
- Define and maintain security policies, standards, and operational procedures.
- Work closely with development teams to design and maintain secure architecture, cloud infrastructure, and internal security tooling.
- Contribute directly to the development of security-critical features, secure APIs, automation scripts, and internal monitoring tools, with a focus on JavaScript (Node.js), Java and Clojure environments.
- Conduct security reviews of codebases, applications, and cloud environments, identifying and mitigating vulnerabilities.
- Lead incident response planning, vulnerability management, security audits, and third-party vendor security assessments.
- Train and mentor technical and non-technical teams on security awareness and secure development practices.
- Represent security posture to executives, clients, and auditors.
- Plan and build the future security team as the company grows.
#### Requirements
- Proven experience leading cybersecurity initiatives, including SOC 2 and ISO 27001 certifications.
- Strong technical background with proven ability to read, write, and review production code (preferably in JavaScript/Node.js and Clojure).
- Practical experience in application security, secure software development lifecycle (SSDLC), and cloud-native security architecture (AWS).
- Excellent communication skills, with the ability to translate technical risks into business impact.
- Relevant certifications are a plus (e.g., CISSP, OSCP, CISM, ISO 27001 Lead Implementer).
- Experience working in small or early-stage teams, with a demonstrated ability to operate autonomously and take ownership.
- Familiarity with security tooling and automation across the CI/CD pipeline.
- Experience interfacing with external stakeholders such as clients, auditors, or regulatory bodies.
- Understanding of privacy regulations and how they intersect with security (e.g., PDPA, GDPR, PCI-DSS).
JOB SUMMARY
Information Technology Security Specialist
SAMOOHA (S) PTE. LTD.
Singapore
15 days ago
N/A
Full-time
Job post no longer accepts applications
Information Technology Security Specialist
Job post no longer accepts applications