About the role
Thales is seeking a Cybersecurity Engineer to join their Air Traffic Management Systems team. The role involves embedding security into the software development lifecycle, working across two agile squads to implement DevSecOps practices, manage vulnerabilities, and ensure compliance with security standards.
Aerospace & Defense | Full-time | General
Key Responsibilities
- Ensure that static and dynamic application security testing (SAST/DAST) is enabled and kept up to date in the CI/CD pipelines. Identify, triage and help remediate security vulnerabilities in Kubernetes clusters, applications and dependencies.
- Embed security checks into CI/CD pipelines (SAST, DAST, dependency scanning, container scanning, IaC security). Automate security testing and integrate with the team's GitOps/DevOps workflows.
- Partner with developers in the team to provide secure coding practices. Evangelize and train team members on security best practices and emerging threats.
- Support the team in developing secure logging, monitoring and alerting strategies. Participate in incident response planning and post-incident reviews.
- Set up and manage continuous security monitoring tools to detect and respond to security incidents in real-time.
- Ensure compliance with relevant industry standards and regulations and conduct regular security audits.
- Maintain clear and up-to-date documentation of the security architecture, as well as security policies, procedures, incident response plans, and the Security Management Plan.
- Provide regular reports on the cybersecurity status, including vulnerability assessments, threat modelling results, and incident response activities, to the product owners and other stakeholders.
- Collaborate with InfoSec and Compliance teams to run regular security audits, risk assessments and data assessments.
- Work in an agile, cross-functional multinational team, actively engaging to support the success of the team.
Requirements
- Bachelor's degree in Computer Science, Cybersecurity, or a related field.
- Strong knowledge of secure coding practices in Java, Kotlin, Python, or C++.
- Proven experience in Cloud Infrastructure and Kubernetes security (e.g., containers, service mesh).
- Familiarity with application security tools (e.g., SonarQube, Checkmarx, OWASP ZAP, Trivy).
- Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.
- Knowledge of information security concepts like End-point Security, End-point Management, Public Key Infrastructure (PKI), Security Information & Event Management (SIEM), Privileged Access Management (PAM), Multi-factor Authentication (MFA).
- Excellent written and verbal communication skills and high level of personal integrity.
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
- Strong problem-solving abilities and attention to detail.
- Certified Professional with: Information Systems Security Professional (CISSP), Cybersecurity Maturity Model Certification (CMMC), ISO 27002:2013, NIST SP 800-53.
- Possess learning agility, flexibility and proactivity.
- Comfortable with agile teamwork and user engagement.