Security Engineer

Where multiple locations are listed for this role, the position may be based in any of those locations, with priority determined according to the order of listing.

At Simular, we're building the next generation of computer use agents — AI systems that operate computers exactly as humans do. As our first dedicated security hire in Singapore, you'll own security end-to-end: hardening the applications our users touch, the infrastructure our agents run on, and the new and evolving attack surface introduced by autonomous AI agents themselves.

This is a hands-on, builder-style role. You won't be writing policy documents from an ivory tower; you'll be reading code, fixing it, and shipping the tooling that keeps Simular safe as we scale.

What you'll do

• Own application security across our product surface: threat modeling, secure code review, SAST/DAST, dependency and supply-chain hygiene

• Harden our cloud and infrastructure: AWS/GCP configuration, Kubernetes, secrets management, network boundaries, CI/CD pipeline security

• Build the security foundation for our agent platform: sandboxing, permission boundaries, prompt-injection defenses, data exfiltration controls, and safe tool execution

• Partner with engineering and research to bake security into product design from day zero, not bolted on later

• Run incident response and lead investigations when things go wrong; build the playbooks so the next one is faster

• Drive vendor reviews, customer security questionnaires, and the compliance work needed as we move upmarket (SOC 2, ISO, etc.)

• Establish the security culture: lightweight processes, useful tooling, clear ownership; scrappy, not bureaucratic

You might be a fit if

• You have a BS/MS in Computer Science or equivalent experience, with 3-6 years in security engineering

• You're a strong engineer first: comfortable shipping code in Python, Go, or TypeScript, not just reviewing others'

• You have hands-on experience across two or more of: AppSec, cloud security (AWS/GCP), container/Kubernetes hardening, CI/CD security

• You understand modern threat models: supply-chain attacks, identity and secrets, web app vulnerabilities, infrastructure misconfiguration

• You're genuinely curious about AI and agent security: how prompt injection works, how to sandbox autonomous tool use, how to reason about data flow in agentic systems

• You thrive as the first security hire: you can prioritize ruthlessly, build from zero, and earn trust by shipping rather than blocking

• Bonus: red-team or offensive security background, experience securing ML/AI pipelines, or prior early-stage startup experience