Cybersecurity Engineer

Join to apply for the Cybersecurity Engineer role at Thales Location: SINGAPORE, Singapore Thales is a global technology leader trusted by governments, institutions, and enterprises to tackle their most demanding challenges. From quantum applications and artificial intelligence to cybersecurity and 6G innovation, our solutions empower critical decisions rooted in human intelligence. Operating at the front‑line of aerospace and space, cybersecurity and digital identity, we’re driven by a mission to build a future we can all trust. In Singapore, Thales has been a trusted partner since 1973, originally focused on aerospace activities in the Asia‑Pacific region. With 2,000 employees across three local sites, we deliver cutting‑edge solutions across aerospace (including air traffic management), defence and security, and digital identity and cybersecurity sectors. Together, we’re shaping the future by enabling customers to make pivotal decisions that safeguard communities and power progress. Whom We Are Looking For We are seeking a highly skilled and motivated Cybersecurity engineer to join our team, building the next generation of Air Traffic Management Systems. As a Cybersecurity engineer embedded within a software development team, you will act as the team’s security expert, ensuring that security is built into the software lifecycle from design to deployment. You will collaborate closely with developers, architects, product owners, and DevOps engineers to embed security practices into everyday workflows, enabling the delivery of secure, resilient and compliant software systems. The candidate would be working across two (2) agile squads, in software delivery. Responsibilities Vulnerability Management: Ensure that static and dynamic application security testing (SAST/DAST) is enabled, updated in the CI/CD pipelines. Identify, triage and help remediate security vulnerabilities in Kubernetes clusters, applications and dependencies. DevSecOps Practices: Embed security checks into CI/CD pipelines (SAST, DAST, dependency scanning, container scanning, IaC security). Automate security testing and integrate with the team’s GitOps/DevOps workflows. Collaboration & Mentorship: Partner with developers in the team to provide secure coding practices. Evangelize and train team members on security best practices and emerging threats. Incident Preparedness: Support the team in developing secure logging, monitoring and alerting strategies. Participate in incident response planning and post‑incident reviews. Security Monitoring: Set up and manage continuous security monitoring tools to detect and respond to security incidents in real‑time. Compliance and Auditing: Ensure compliance with relevant industry standards and regulations and conduct regular security audits. Documentation: Maintain clear and up‑to‑date documentation of security architecture, in addition to security policies, procedures, and incident response plans, Security Management Plan. Communication: Provide regular reports on the cybersecurity status, including vulnerability assessments, threat modelling results, and incident response activities, to the product owners and other stakeholders. Collaborate with InfoSec and Compliance teams to run regular security audits, risk assessments and data assessments. Work in an agile, cross‑functional multinational team, actively engaging to support the success of the team. Requirements Education Bachelor’s degree in computer science, Cybersecurity, or a related field. Essential Skills/Experience Strong knowledge of secure coding practies in Java, Kotlin, Python, or C++. Proven experience in Cloud Infrastructure and Kubernetes security (e.g., containers, service mesh, . Familiarity with application security tools (e.g., SonarQube, Checkmarx, OWASP ZAP, Trivy). Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST. Knowledge of information security concepts like End‑point Security, End‑point Management, Public Key Infrastructure (PKI), Security Information & Event Management (SIEM), Privileged Access Management (PAM), Multi‑factor Authentication (MFA). Excellent written and verbal communication skills and high level of personal integrity. Innovative thinking and leadership with an ability to lead and motivate cross‑functional, interdisciplinary teams. Strong problem‑solving abilities and attention to detail. Essential / Desirable Traits Certified Professional with:Information Systems Security Professional (CISSP) Cybersecurity Maturity Model Certification (CMMC) ISO 27002:2013, NIST SP 800‑53 Possess learning agility, flexibility and pro‑activity Comfortable with agile teamwork and user engagement #J-18808-Ljbffr