Careers at Flo

Senior Cyber Security Engineer


About the role

We are seeking a Senior Cyber Security Engineer to serve as the first dedicated security engineer at Flo, leading the technical execution of application and cloud security across the organization.

You will work closely with Engineering and Platform (DevOps) teams to embed security into the software development lifecycle and cloud infrastructure. You will serve as the technical security leader for day-to-day security engineering, helping to scale secure practices as Flo expands across Singapore and Australia.

This role is ideal for someone who enjoys hands-on security engineering, technical leadership, and influencing teams through collaboration rather than authority.



What you'll do

As the Senior Cyber Security Engineer, you will focus on application and cloud security, while supporting the broader cybersecurity posture of the organization. As the first security engineer, you will play a key role in shaping how security is implemented in practice and how engineering teams engage with security.


Security Leadership & Enablement

  • Act as the technical security lead for application and cloud security, partnering closely with Engineering and Platform teams.
  • Work under the direction of the IT Security Manager to implement security strategy, priorities, and roadmaps.
  • Establish and lead a Security Guild/security community of practice, creating a forum for shared learning and ownership of security across engineering.
  • Work closely with developers and engineers to promote secure design, threat modeling, and secure coding practices.
  • Influence architecture and technology decisions by providing pragmatic, risk-based security guidance.
  • Champion security-by-design and security-by-default approaches while balancing delivery speed and usability.


Secure Development & Cloud Practices

  • Collaborate with developers to embed secure coding practices and conduct code reviews for high-risk features.
  • Conduct threat modeling and security architecture reviews for cloud-native apps and microservices.
  • Integrate security scanning tools (SAST, DAST, SCA) into CI/CD pipelines.
  • Collaborate with the Platform Team (DevOps) to secure containerized workloads (e.g., Docker, Kubernetes), infrastructure-as-code, and serverless applications.
  • Work with the Platform Team to secure configuration across AWS accounts, including IAM, encryption, and network controls.
  • Implement and manage Web Application Firewalls (WAFs) to protect applications from OWASP Top 10 vulnerabilities and other common attacks.


Threat Detection & Incident Response

  • Monitor and investigate alerts using SIEM platforms, IDS/IPS, and cloud-native security tools (e.g., AWS GuardDuty, Security Hub).
  • Support response to security incidents, including containment, recovery, and post-incident analysis.
  • Maintain incident response plans, develop playbooks, and contribute to tabletop exercises.
  • Coordinate or assist with penetration testing and vulnerability assessments, both internally and with third-party vendors.


Security Innovation & Continuous Improvement

  • Stay current with emerging threats, vulnerabilities, and cybersecurity technologies.
  • Proactively identify areas for risk reduction and security automation.
  • Collaborate across teams to build a culture of security-first thinking in everything we build and deploy.


Qualifications

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or a related field.
  • Strong experience in cybersecurity roles focused on application and cloud environments, preferably in senior or lead-level positions.
  • Strong understanding of secure coding, web security standards (e.g., OWASP Top 10), and CI/CD security practices.
  • Hands-on experience with CI/CD security.
  • Programming or scripting experience in Python or a general-purpose language such as Java, Kotlin, Go, or Ruby is preferred.
  • Familiarity with AWS security services, IAM policies, and network security configurations.
  • Strong understanding of IAM, SSO/SAML, and API security.
  • Experience with vulnerability scanners, container security, and code analysis tools (e.g., Snyk, Trivy, Semgrep).
  • Exposure to infrastructure-as-code (e.g., Terraform, CloudFormation) and cloud-native security tools like AWS Config, GuardDuty, and Security Hub.
  • Experience with WAFs, penetration testing, and vulnerability management tools.
  • Hands-on exposure to SIEM, IDS/IPS, incident response, and cloud-native threat detection.
  • Experience with MDM, SSO/SAML, and endpoint protection tools.
  • Awareness of compliance frameworks such as ISO 27001, SOC 2, and PDPA.
  • Relevant certifications such as CompTIA Security+, AWS Certified Security, or equivalent.
  • Ability to clearly communicate security risks and remediation paths to engineering and platform teams.

About Flo Energy

Hi, we are Flo! We are on a mission to switch as many people and businesses as possible to affordable, renewable solutions.

We began in a small shophouse in Singapore and have grown rapidly ever since, expanding into Australia with even bigger plans ahead.

Unlike other retailers, we have built our own best-in-class energy platform entirely in-house. Designed specifically for the sector, it automates complex processes and keeps costs down, letting us offer genuinely affordable products to our customers.

Behind Flo is a diverse team of passionate engineers, data scientists, operators, and energy experts. We come from different backgrounds, but we are united by the shared goal of creating a more sustainable future. If you want to make an impact and help accelerate the renewable energy transition, we would love to meet you.

Find out more about us on https://floenergy.sg/business

Technology

Singapore, Singapore
