Cybersecurity Engineer

Cybersecurity Engineer page is loaded## Cybersecurity Engineer remote type:
Hybrid locations:
SINGAPORE time type:
Full time posted on:
Posted Todaytime left to apply:
End Date:
June 30, 2026 (30+ days left to apply) job requisition :
R0308230

Location:

SINGAPORE, Singapore Thales is a global technology leader trusted by governments, institutions, and enterprises to tackle their most demanding challenges. From quantum applications and artificial intelligence to cybersecurity and 6G innovation, our solutions empower critical decisions rooted in human intelligence. Operating at the forefront of aerospace and space, cybersecurity and digital identity, we’re driven by a mission to build a future we can all  Singapore, Thales has been a trusted partner since 1973, originally focused on aerospace activities in the Asia-Pacific region.

With 2,000 employees across three local sites, we deliver cutting-edge solutions across aerospace (including air traffic management), defence and security, and digital identity and cybersecurity sectors. Together, we’re shaping the future by enabling customers to make pivotal decisions that safeguard communities and power progress.
** Whom We Are Looking For
** We are seeking a highly skilled and motivated Cybersecurity engineer to join our team, building the next generation of Air Traffic Management Systems. As a Cybersecurity engineer embedded within a software development team, you will act as the team’s security expert, ensuring that security is built into the software lifecycle from design to deployment. You will collaborate closely with developers, architects, product owners, and Dev Ops engineers to embed security practices into everyday workflows, enabling the delivery of secure, resilient and compliant software systems.

The candidate would be working across two (2) agile squads, in software delivery.

Responsibilities**:**
* ** Vulnerability Management:
** Ensure that static and dynamic application security testing (SAST/DAST) is enabled, updated in the CI/CD pipelines. Identify, triage and help remediate security vulnerabilities in Kubernetes clusters, applications and dependencies.
* ** Dev Sec Ops  Practices:
** Embed security checks into CI/CD pipelines (SAST, DAST, dependency scanning, container scanning, IaC security). Automate security testing and integrate with the team’s Git Ops/Dev Ops workflows.
* ** Collaboration & Mentorship:
** Partner with developers in the team to provide secure coding practices. Evangelize and train team members on security best practices and emerging threats.
* ** Incident Preparedness:
** Support the team in developing secure logging, monitoring and alerting strategies. Participate in incident response planning and post-incident reviews.
* ** Security Monitoring:
** Set up and manage continuous security monitoring tools to detect and respond to security incidents in real-time.
* ** Compliance and Auditing:
** Ensure compliance with relevant industry standards and regulations and conduct regular security audits.
* ** Documentation:
** Maintain clear and up-to-date documentation of security architecture, in addition to security policies, procedures, and incident response plans, Security Management Plan.
* ** Communication:
** Provide regular reports on the cybersecurity status, including vulnerability assessments, threat modelling results, and incident response activities, to the product owners and other stakeholders.
* Collaborate with Info Sec and Compliance teams to run regular security audits, risk assessments and data assessments.
* Work in an agile, cross-functional multinational team, actively engaging to support the success of the team.

Requirements:
** Education
* ** Bachelor’s degree in computer science, Cybersecurity, or a related field.
** Essential Skills/Experience
*** Strong knowledge of secure coding practies in Java, Kotlin, Python, or C++.
* Proven experience in Cloud Infrastructure and Kubernetes security (e.g., containers, service mesh, .
* Familiarity with application security tools (e.g., Sonar Qube, Checkmarx, OWASP ZAP, Trivy).
* Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.
* Knowledge of…