Manage the end-to-end lifecycle of core security solutions (including WAF, MiShield, HIDS) for Xiaomi’s international business portfolio, including configuring policies, optimizing rules, and expanding coverage to protect web/mobile applications against common threats (e.g., OWASP Top 10).
Develop real-time monitoring/alerting frameworks, analyze security logs to detect anomalous traffic and attack activities, produce root-cause analysis reports, and enhance defense strategies.
API Security Capability Development Lead the design of an API security framework for international operations, ensuring end-to-end interface protection. Create models for abnormal behavior detection and access control policies to mitigate risks like unauthorized data access and API abuse.
Integrate with API gateways/microservices, incorporate SAST/DAST tools to advance shift-left security practices, and establish developer security guidelines.
Vulnerability Management
Oversee end-to-end vulnerability processes (scanning, risk assessment, remediation) for international business. Implement high-risk vulnerability response mechanisms and collaborate with R&D teams on code-level fixes.
Monitor global threat intelligence and zero-day vulnerabilities, organize regular red/blue team exercises, and refine emergency response protocols.
Compliance and Collaboration Support
Ensure security operations adhere to regional regulatory standards, including GDPR and Singapore Personal Data Protection Act (PDPA), and prepare compliance audit reports.
Collaborate with international business units, local compliance teams, and third-party vendors to deliver security technical support and training.
Job Requirements
Education and Experience Bachelor’s degree or higher in Computer Science, Information Security, or a related field.
Technical Skills Expertise in operating security products (e.g., WAF, IDS).
Proficiency in API security design/protection, including OWASP API Top 10 knowledge and gateway security policy deployment.
Familiarity with vulnerability management processes and tools (e.g., Nessus, Burp Suite), along with the ability to reproduce vulnerabilities and validate remediation efforts.Proficiency in scripting languages like Python/Shell; experience in developing security automation tools is an advantage.
Core Competencies Knowledge of international data security regulations and compliance requirements, with effective cross-regional team collaboration skills.
Fluency in English and Mandarin (spoken and written) for daily work; professional certifications such as CISSP or CSSLP are preferred.
Strong sense of responsibility and problem-solving abilities, with the capacity to respond to unexpected security incidents.
Bilingual in English and Mandarin In order to communicate with regional customers and China office colleagues.
All Job Ads are subject to GrabJobs’s Terms of Service. We allow users to flag postings that may be in violation of those terms. Job Ads may also be flagged by GrabJobs moderation team. However, no moderation system is perfect, and flagging a posting does not ensure that it will be removed.
Be the first to receive the latest Back End Developer Full-Time Jobs in Singapore.
Setup your job alert:
By activating job alerts, I agree to GrabJobs Terms & Privacy Policy. I can unsubscribe to job alerts anytime.
Skip
GrabJobs is the no1 job portal in Singapore, connecting you to thousands of jobs fast!
Find the best jobs in Singapore, apply in 1 click and get a job today!