Security Engineer, Third Party Security Diligence

About the role

Join a security team focused on making systems safer for users and developers. In this position, you will help protect network boundaries, strengthen systems and devices against attack, and safeguard highly sensitive information such as passwords and customer data. You will work closely with network equipment, monitor environments for intrusions, and partner with software engineers to find and fix security weaknesses before they can be exploited.

This role is part of the Security and Privacy for Mergers, Acquisitions and Alphabet (SPMA) organization, whose mission is to reduce acquisition, third-party, and cloud-related risk. Within that structure, this position is centered on third-party/vendor security diligence, supporting a broader third-party risk management ecosystem. The work also connects with the Core team, which provides the technical foundation behind key products and internal systems.

What you'll do

• Perform detailed security reviews for critical and high-risk third-party vendors, assess their controls against company requirements, flag gaps, and suggest practical remediation steps.
• Improve the Third Party Security Diligence program by building tools, automating workflows, and recommending better processes.
• Help connect 3PSD tooling with the wider OneTPRM ecosystem and use data analysis to surface patterns and trends in risk.
• Work with internal partners such as vendor managers and product teams to advise on third-party security matters.
• Build and maintain strong technical knowledge in areas relevant to third-party risk, including cloud security, application security, and identity and access management, while creating reusable best-practice patterns.

Minimum qualifications

• A bachelor’s degree or an equivalent level of hands-on professional experience.
• At least 2 years of experience in security assessments, security design reviews, or threat modeling.
• At least 2 years of experience in security engineering, computer and network security, and security protocols.
• At least 2 years of coding experience in one or more general-purpose languages such as Python, SQL, C, C++, Java, or Go.

Preferred qualifications

• Strong background in enterprise security areas such as threat modeling, security assessments, authentication and access control, SaaS security, cloud security, and data protection.
• Experience in security engineering, security architecture, or consulting.
• Ability to create high-quality engineering outputs such as design documents, code reviews, or risk assessments with little revision needed.
• Proven capability to drive risk reduction independently and with limited supervision.
• Excellent spoken and written communication skills.

Eligibility and work authorization

Applicants should already have the right to work in Singapore and must not need visa sponsorship from the employer.

Equal opportunity

The employer is committed to equal employment opportunity and an inclusive workplace. Consideration is given without regard to race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, or criminal history where allowed by law. Accommodation support is available for applicants who need it.