Simular

Security Engineer

3w ago
WorldwideSenior
Simular

Security Engineer

3w ago
WorldwideSeniorawsgcpkubernetessastdastci/cdthreat modelingsecrets management

Responsible for end-to-end security including application security, infrastructure hardening, and building security foundations for autonomous AI agents.

Other

  • Where multiple locations are listed for this role, the position may be based in any of those locations, with priority determined according to the order of listing.
  • At Simular, we're building the next generation of computer use agents — AI systems that operate computers exactly as humans do. As our first dedicated security hire in Singapore, you'll own security end-to-end: hardening the applications our users touch, the infrastructure our agents run on, and the new and evolving attack surface introduced by autonomous AI agents themselves.
  • This is a hands-on, builder-style role. You won't be writing policy documents from an ivory tower; you'll be reading code, fixing it, and shipping the tooling that keeps Simular safe as we scale.
  • What you'll do
  • • Own application security across our product surface: threat modeling, secure code review, SAST/DAST, dependency and supply-chain hygiene
  • • Harden our cloud and infrastructure: AWS/GCP configuration, Kubernetes, secrets management, network boundaries, CI/CD pipeline security
  • • Build the security foundation for our agent platform: sandboxing, permission boundaries, prompt-injection defenses, data exfiltration controls, and safe tool execution
  • • Partner with engineering and research to bake security into product design from day zero, not bolted on later
  • • Run incident response and lead investigations when things go wrong; build the playbooks so the next one is faster
  • • Drive vendor reviews, customer security questionnaires, and the compliance work needed as we move upmarket (SOC 2, ISO, etc.)
  • • Establish the security culture: lightweight processes, useful tooling, clear ownership; scrappy, not bureaucratic
  • You might be a fit if
  • • You have a BS/MS in Computer Science or equivalent experience, with 3-6 years in security engineering
  • • You're a strong engineer first: comfortable shipping code in Python, Go, or TypeScript, not just reviewing others'
  • • You have hands-on experience across two or more of: AppSec, cloud security (AWS/GCP), container/Kubernetes hardening, CI/CD security
  • • You understand modern threat models: supply-chain attacks, identity and secrets, web app vulnerabilities, infrastructure misconfiguration
  • • You're genuinely curious about AI and agent security: how prompt injection works, how to sandbox autonomous tool use, how to reason about data flow in agentic systems
  • • You thrive as the first security hire: you can prioritize ruthlessly, build from zero, and earn trust by shipping rather than blocking
  • • Bonus: red-team or offensive security background, experience securing ML/AI pipelines, or prior early-stage startup experience