Senior Cybersecurity

Key Responsibilities
- Lead Agile Threat Modelling engagements, embedding security into agile workflows and DevOps processes.
- Review and improve security processes, identifying gaps in Change Management, Business Continuity Planning, Incident Response, Patch Management, and Risk Assessment & Mitigation
- Conduct security architecture reviews across on-prem and cloud environments; provide risk-informed guidance to solution architects and delivery teams.
- Implement and manage an enterprise-level vulnerability management program, integrating scanning, triage, and remediation workflows.
- Build, secure, and maintain DevSecOps pipelines, integrating SAST, DAST, dependency scanning, and IaC security tools.
- Define and drive Governance, Risk, and Compliance (GRC) strategy and operations in alignment with internal policies and industry standards (e.g., NIST, ISO 27001).
- Conduct source code reviews and support secure coding practices within development teams.
- Guide implementation of data protection controls, including data inventory, classification, and access governance.
- Provide security guidance for cloud-native services (AWS, Azure, GCP), leveraging cloud security controls and monitoring tools.
- Collaborate with internal red teams or third-party vendors on penetration testing and post-test remediation.
Act as a security advisor to cross-functional teams, fostering a culture of security and ownership across the technology organization.Lead stakeholder engagement to enforce adherence to security standards and promote a risk-aware culture.
- **Qualifications**
- Strong expertise in secure software development, agile threat modelling, and SDLC security integration.
- Proven ability to lead DevSecOps adoption in complex CI/CD environments.
- Practical experience with cloud platforms (AWS, Azure, or GCP) and associated security best practices.
- Strong knowledge of vulnerability management tools, SAST/DAST scanners, IaC analysis, and source code review techniques.
- Solid understanding of data protection, privacy regulations, and security controls for data lifecycle management.
- Familiar with GRC frameworks (e.g., ISO 27001, NIST CSF, CIS Benchmarks) and able to implement security policies in alignment with them.Strong collaboration, communication, and influence skills across technical and business teams.
- Preferred Certifications
- OSCP, OSWE - Offensive Security certifications
- AWS Certified Security - Specialty, Microsoft AZ-500, Google Professional Cloud Security Engineer
- CCSP - Certified Cloud Security Professional
- CISSP - Certified Information Systems Security ProfessionalPractical DevSecOps Professional/Expert
- **Additional Information**
**BENEFITS & PERKS FOR WORKING AT OLLION**

Our employees multiply their potential because they have opportunities to: Create a lasting **Impact**, **Learn**and **Grow**professionally & personally, **Experience**great **Culture**, and Be your **Whole Self**

Beyond an amazing, collaborative work environment, great people, and inspiring, innovative work, we have some great benefits and perks:

- Benchmarked, competitive, in-market total rewards package including (but not limited to): base salary & short-term incentive for all employees
- We are a virtual-by-default, small but Global organization; ‘learn wherever, whenever’ frees our people from a rigid view of learning and growth
- Retirement planning (i.e. CPF, EPF, company-matched 401(k))
- Globally, we build benefit plans that offer choices for whatever stage in life our employees are in and allow for flexibility as life happens. Employees have access to a fully comprehensive benefits package to choose the medical, dental, and vision insurance plan that best fits their lives. In addition to great healthcare coverage, we also offer all employees mental health resources and additional wellness programs.
- Generous time off and leave allowances
And more