Simular
Security Engineer
3w ago
WorldwideSeniorawsgcpkubernetessastdastci/cdthreat modelingsecrets management
Responsible for end-to-end security including application security, infrastructure hardening, and building security foundations for autonomous AI agents.
Other
- Where multiple locations are listed for this role, the position may be based in any of those locations, with priority determined according to the order of listing.
- At Simular, we're building the next generation of computer use agents — AI systems that operate computers exactly as humans do. As our first dedicated security hire in Singapore, you'll own security end-to-end: hardening the applications our users touch, the infrastructure our agents run on, and the new and evolving attack surface introduced by autonomous AI agents themselves.
- This is a hands-on, builder-style role. You won't be writing policy documents from an ivory tower; you'll be reading code, fixing it, and shipping the tooling that keeps Simular safe as we scale.
- What you'll do
- • Own application security across our product surface: threat modeling, secure code review, SAST/DAST, dependency and supply-chain hygiene
- • Harden our cloud and infrastructure: AWS/GCP configuration, Kubernetes, secrets management, network boundaries, CI/CD pipeline security
- • Build the security foundation for our agent platform: sandboxing, permission boundaries, prompt-injection defenses, data exfiltration controls, and safe tool execution
- • Partner with engineering and research to bake security into product design from day zero, not bolted on later
- • Run incident response and lead investigations when things go wrong; build the playbooks so the next one is faster
- • Drive vendor reviews, customer security questionnaires, and the compliance work needed as we move upmarket (SOC 2, ISO, etc.)
- • Establish the security culture: lightweight processes, useful tooling, clear ownership; scrappy, not bureaucratic
- You might be a fit if
- • You have a BS/MS in Computer Science or equivalent experience, with 3-6 years in security engineering
- • You're a strong engineer first: comfortable shipping code in Python, Go, or TypeScript, not just reviewing others'
- • You have hands-on experience across two or more of: AppSec, cloud security (AWS/GCP), container/Kubernetes hardening, CI/CD security
- • You understand modern threat models: supply-chain attacks, identity and secrets, web app vulnerabilities, infrastructure misconfiguration
- • You're genuinely curious about AI and agent security: how prompt injection works, how to sandbox autonomous tool use, how to reason about data flow in agentic systems
- • You thrive as the first security hire: you can prioritize ruthlessly, build from zero, and earn trust by shipping rather than blocking
- • Bonus: red-team or offensive security background, experience securing ML/AI pipelines, or prior early-stage startup experience