Share this Job

Principal Security Architect

Date: 17-Nov-2022

Location: Singapore, Singapore

Company: Singtel Group

At Singtel, we're working on projects that push the boundaries of digital, realising our vision and purpose to Empower Every Generation. We have a dynamic and diverse team, with a passion for innovation, and talent to deliver cutting-edge digital solutions and immersive customer experience.

 

In Group IT, we create great technology that can change the future, and we're looking for people to be part of our digital and 5G journey. If you like to work in a dynamic, leading communications technology group to deliver innovations and excellence across the region, come join our digital, software engineering, data and cyber security teams!

This is a strategic role expected to focus on securing applications for various digital channels and platforms. The Lead Security Architect plays an integral role to provide expert advice and consultancy to application development teams to reduce security risks due to application software vulnerabilities. He/she will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.

 

Key Responsibilities

  • The candidate will be responsible for evaluation, planning, and developing robust security architectures for new IT and business-led projects.
  • Develops and maintains a secured application framework (e.g., models, templates, standards, and procedures) that enables the enterprise to develop and implement secure solutions and capabilities that are clearly aligned with business, technology, and threat drivers.
  • Develops standards and practices for data encryption and tokenization in the organization, based on the organization's data classification criteria.
  • Drafts security procedures and standards to be reviewed and approved by executive management and/or formally authorized by the chief information security officer (CISO).
  • As the security expert, the candidate will work with project teams to ensure applications are secure by design at the onset, performs ad hoc code reviews and reviews vulnerability test results to ensure security frameworks are continuously improved to address gaps. The candidate will review the results and work closely with project teams to remediate the identified security vulnerabilities.
  • Conducts or facilitate threat modelling of services and applications that tie to the risks and data associated with the service or application
  • Coordinates with DevSecOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices to the CISO
  • Coordinates with the privacy officer or office to document data flows of sensitive information in Singtel’s custom developed apps across the organization (e.g., PII or CII) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization)
  • Review security technologies, tools and services, and makes recommendations to the broader security team for their use, based on security, financial and operational metrics

 

The ideal candidate should possess:

  • Degree in Information Technology, Computer Science, Engineering or its equivalent.
  • 10+ years of experience in the technology industry including 7+ in internet facing security systems
  • Deep expertise in security architecture of systems, sandbox implementations, mobile operating systems (Android/iOS), web applications, security protocols and algorithms
  • Possess strong background and experience as a successful Software engineer/Architect in building large scale, highly available web and mobile applications.
  • Significant experience working on mission critical internet facing applications focusing on the security aspects
  • Passion for security and ability to pick up and learn new technological advances very quickly
  • Exhibits leadership in guiding team members, adapts to changes in technology and business domains, has good knowledge of latest trends in the market and is well respected within the team
  • Experience with modern identity and access management platforms including MFA for omni channels.
  • Good knowledge and experience in Spring boot, API security including OAuth2/OIDC, Tokens, mTLS, NIST Cybersecurity Frameowrk, ISO 27001/2, etc.
  • Solid understanding of Public Cloud (pref. AWS) architecture and security. AWS Security certification is a big plus
  • Ability to effectively communicate vision and roadmap to all stakeholders. Exceptional communication skills with diverse audiences (including non-technical audiences)
  • Experience in API gateway/service mesh, Container (Kubernetes/docker)
  • Knowledge/Experience in Agile Development and Management tools, e.g. Jira, Nexus, Bamboo, Jenkins, Sonar, Selenium, Bitbucket

 

We are committed to a safe and healthy environment for our employees & customers and will require all prospective employees to be fully vaccinated.

 

 

Apply now, and ignite our digital future together.