Senior Cybersecurity / DevSecOps Consultant

OUR STORY

Let’s be honest: there are lots of people out there doing what we do. We’re just not convinced they’re doing it right. Businesses are hungry for innovation and opportunity, but not at the cost of their independence. At Ollion, we’ve connected companies and capabilities around the world to help ambitious organizations make the most of their transformation and leave the status quo in the dust.

WORKING AT OLLION

Innovation is risky. It demands bold steps and big questions, but that’s the price of making change. We’ve got our head in the cloud and two feet on the ground, channeling tech’s endless potential towards a single goal: making a world of difference. And we’re building a global team to do just that— a team capable of making game-changing breakthroughs without ever losing sight of the people it will impact. This is more than consulting. This is the change you can be.

THE OLLION DIFFERENCE

At Ollion, we’re all in on your independence. Our teams are seasoned. Our solutions are straightforward—sometimes even groundbreaking. And our engagements? Exactly as long as you want them to be. We deliver fresh thinking and hard-earned insight in a way that works for you and your customers, arming your organization with everything you need to make your transformation truly mean something.

WORKING WITH OLLION (our clients’ experiences)

Progress matters more than process. Our global team of cloud-native pros is all about creating new and better ways to work—not just by solving your tech challenges, but by using technology to solve your business challenges. We keep the formulas, frameworks, and ten-point plans to a minimum, tackling your most pressing problems with a proprietary mix of good-old-fashioned ingenuity and refreshing humanity.

DIVERSITY AT OLLION 

One of our cultural keystones, ‘Find the angle’ recognizes that every individual has different aspirations, needs and brings a unique perspective. 

We value diversity, inclusion, and equity (DE&I) as core to our success. We believe that a diverse workforce brings together unique perspectives, experiences, and ideas, leading to innovation, creativity, and better outcomes for our clients and our organization. We are on a journey and are committed to building a workplace that celebrates and respects individuals from all backgrounds, including but not limited to race, ethnicity, gender, sexual orientation, age, disability, and cultural heritage.  

As our commitment to diversity and inclusion is reflected in our: 

• Awareness and sensitisation programs: to create awareness and sensitisation. We encourage open dialogue, active listening, and mutual respect, creating a safe and supportive environment for everyone to contribute their unique perspectives and ideas. 
• Dedicated efforts to building diverse teams: that leverage the strength of our differences to tackle complex challenges and drive innovation. By embracing diversity, we broaden our collective knowledge, enhance problem-solving capabilities, and unlock limitless potential for our employees.

We are looking for an experienced and forward-thinking Senior Cybersecurity / DevSecOps Consultant to join our Singapore  team. In this role, you will lead security initiatives across the software development lifecycle, drive secure DevSecOps practices, and enhance the organization's cyber resilience through proactive governance, technical assurance, and automation. The ideal candidate has deep technical expertise, strong stakeholder engagement capabilities, and a passion for integrating security into agile, cloud, and DevOps environments.

Key Responsibilities

• Lead Agile Threat Modelling engagements, embedding security into agile workflows and DevOps processes.
• Review and improve security processes, identifying gaps in Change Management, Business Continuity Planning, Incident Response, Patch Management, and Risk Assessment & Mitigation
• Conduct security architecture reviews across on-prem and cloud environments; provide risk-informed guidance to solution architects and delivery teams.
• Implement and manage an enterprise-level vulnerability management program, integrating scanning, triage, and remediation workflows.
• Build, secure, and maintain DevSecOps pipelines, integrating SAST, DAST, dependency scanning, and IaC security tools.
• Define and drive Governance, Risk, and Compliance (GRC) strategy and operations in alignment with internal policies and industry standards (e.g., NIST, ISO 27001).
• Conduct source code reviews and support secure coding practices within development teams.
• Guide implementation of data protection controls, including data inventory, classification, and access governance.
• Provide security guidance for cloud-native services (AWS, Azure, GCP), leveraging cloud security controls and monitoring tools.
• Collaborate with internal red teams or third-party vendors on penetration testing and post-test remediation.
• Act as a security advisor to cross-functional teams, fostering a culture of security and ownership across the technology organization.
• Lead stakeholder engagement to enforce adherence to security standards and promote a risk-aware culture.

• 7+ years of experience in cybersecurity, including roles focused on application security, DevSecOps, cloud security, or risk management.
• Strong expertise in secure software development, agile threat modelling, and SDLC security integration.
• Proven ability to lead DevSecOps adoption in complex CI/CD environments.
• Practical experience with cloud platforms (AWS, Azure, or GCP) and associated security best practices.
• Strong knowledge of vulnerability management tools, SAST/DAST scanners, IaC analysis, and source code review techniques.
• Solid understanding of data protection, privacy regulations, and security controls for data lifecycle management.
• Familiar with GRC frameworks (e.g., ISO 27001, NIST CSF, CIS Benchmarks) and able to implement security policies in alignment with them.
• Strong collaboration, communication, and influence skills across technical and business teams.

Preferred Certifications

• OSCP, OSWE – Offensive Security certifications
• AWS Certified Security – Specialty, Microsoft AZ-500, Google Professional Cloud Security Engineer
• CCSP – Certified Cloud Security Professional
• CISSP – Certified Information Systems Security Professional
• Practical DevSecOps Professional/Expert

BENEFITS & PERKS FOR WORKING AT OLLION

Our employees multiply their potential because they have opportunities to: Create a lasting Impact, Learn and Grow professionally & personally, Experience great Culture, and Be your Whole Self!

Beyond an amazing, collaborative work environment, great people, and inspiring, innovative work, we have some great benefits and perks:

• Benchmarked, competitive, in-market total rewards package including (but not limited to): base salary & short-term incentive for all employees
• We are a virtual-by-default, small but Global organization; ‘learn wherever, whenever’ frees our people from a rigid view of learning and growth
• Retirement planning (i.e. CPF, EPF, company-matched 401(k))
• Globally, we build benefit plans that offer choices for whatever stage in life our employees are in and allow for flexibility as life happens.  Employees have access to a fully comprehensive benefits package to choose the medical, dental, and vision insurance plan that best fits their lives. In addition to great healthcare coverage, we also offer all employees mental health resources and additional wellness programs.
• Generous time off and leave allowances
• And more!

Ollion is an equal opportunity employer. We celebrate diversity and we are committed to creating an inclusive environment for all employees. Ollion does not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, parental status, military service, or other non-merit factor.