Junior Security Architect

Company description:

About Us

Headquartered in Singapore, SATS Ltd. is one of the world's largest providers of air cargo handling services and Asia's leading airline caterer. SATS Gateway Services provides airfreight and ground handling services including passenger services, ramp and baggage handling, aviation security services, aircraft cleaning and aviation laundry. SATS Food Solutions serves airlines and institutions, and operates central kitchens with large-scale food production and distribution capabilities for a wide range of cuisines.

SATS is present in the Asia-Pacific, the Americas, Europe, the Middle East and Africa, powering an interconnected world of trade, travel and taste. Following the acquisition of Worldwide Flight Services (WFS) in 2023, the combined SATS and WFS network operates over 215 stations in 27 countries. These cover trade routes responsible for more than 50% of global air cargo volume. SATS has been listed on the Singapore Exchange since May 2000. For more information, please visit

Why Join Us

At SATS, people are our greatest asset and we build our success on the knowledge, expertise and performance of every contributor, by embracing diversity and uniqueness. As part of our holistic approach and commitment to embracing FAM (Fulfilling, Appreciated, Meaningful) in the workplace, we offer the runway to develop Fulfilling careers that foster your career growth, recognising and Appreciating the strength of talent and capabilities that we continue to build internally; and inspiring and encouraging each other to make Meaningful contributions in the work we do at SATS.

Job description:

Key Responsibilities

This role serves as a hands-on security architecture partner for technology initiatives across both cloud and on-premises environments within the region. You will apply enterprise security policies, develop and contribute to reference patterns, and ensure secure-by-design outcomes in projects. Responsibilities include conducting design reviews, performing threat modelling, and providing practical guidance to regional engineering teams to reduce risk and strengthen resilience.

The position also contributes reusable security designs and may occasionally collaborate with other regional architects or support projects in other regions where your specialized expertise is required.

• Lead security reviews for regional projects, platforms, and vendors; ensure designs meet global policy, risk tolerance, and compliance requirements.
• Apply existing reference architectures and contribute new patterns where gaps exist (cloud, data, identity, network, application).
• Perform threat models; specify compensating controls and validate via architecture artifacts (diagrams, ADRs, guardrails).
• Translate policy into Azure/AWS guardrails (landing zones, IAM, network segmentation, key management, logging).
• Embed security in SDLC (IaC, pipelines, SAST/DAST/SCA, secrets management) and partner with platform/SRE teams for pragmatic controls.
• Ensure classification-driven controls (encryption, tokenization, DLP) across data lifecycle and cross-border requirements.
• Specify telemetry, control points, and use‑case requirements to SOC/IR for effective detection coverage.
• Map designs to NIST CSF / ISO 27001 / NIS2 (EU-only) control objectives; support architecture specific audit questions and remediation planning.
• Produce concise reference designs, decision records, and possibly build/run books to accelerate delivery teams.
• Coach IT business partners and junior architects; champion a modern, practical, and business‑aligned security culture.
• Track emerging threats/regulations; propose targeted pattern/policy updates to the Principal Architect.

Key Requirements

• Bachelor's degree or equivalent professional experience.
• 5-10 years in cybersecurity, including 3-5 years focused on security architecture/engineering in enterprise or regulated environments.
• Hold current cybersecurity certifications such as: CISSP, CCSP, CISM, Azure/AWS, and others.
• Demonstrated delivery of secure designs in hybrid (on‑prem + multi‑cloud) environments.
• Applied alignment to NIST CSF / ISO 270xx / NIS2 (EU-only); familiarity with PCI or regional data protection regimes (e.g., GDPR, PDPA, CCPA) is a plus.
• Strong breadth across network micro‑segmentation, IAM/Zero Trust, application security, data protection/cryptography, logging/observability.
• Hands-on with Azure/AWS security services and IaC (ARM/Bicep/Terraform) for guardrails and repeatable controls.
• Solid threat modeling and attacker‑TTP awareness; able to specify measurable mitigations in your designs.
• Ability to create clear architecture artifacts (context/flow diagrams, reference patterns, control maps).
• System-thinking- ability to see the "big picture" and understand how various systems and stakeholders are connected.