Senior Cyber Specialist | Singapore, SG

Do meaningful work with us. Every day.

At Amplify Health, we're looking for individuals with ambition, resilience and passion for healthcare, insurance, wellness and digital technology. As a fast-growing business with the ambition of making people and communities across Asia healthier, we have exciting career opportunities available to help us achieve our vision.

As the Infrastructure and Data Protection Lead, you will play a critical role in safeguarding our organization's technology stack and ensuring a secure operating environment. This role involves developing, implementing, and managing comprehensive strategies to secure platforms, applications, networks, and data. Your primary role will be in setting the standards, and design patterns for the following areas of security, and working with our platform team to ensure the correct implementation and ongoing compliance with these standards.

Who we are
Amplify Health Asia Pte. Limited (Amplify Health) is a leading health technology and analytics organisation, providing our customers with integrated solutions to improve outcomes for individuals and the sustainability of health systems.

What you will do
Platform Security and Cloud Security

• Lead the security of our Azure cloud environment by setting standards, designs patterns and processes identity-based access controls, encryption, and monitoring tools to ensure compliance and security.
• Advise the platform team on the hardening of Kubernetes clusters, and in the implementation of runtime security measures.
• Collaborate with platform and DevOps teams to address platform-specific vulnerabilities and risks.

• Define and enforce security standards for internally developed and third-party applications.
• Govern and monitor the use of security tools like GitHub Advanced Security, CodeQL, and Trivy into our CI/CD pipelines to detect and remediate vulnerabilities early in the software development lifecycle.
• Promote secure coding practices through development of best practices, and developer training.

• Deploy and maintain tools such as Microsoft Defender and Azure Update Manager, in collaboration with platform and IT teams, to regularly scan systems for vulnerabilities and apply patches promptly.
• Develop a formal process for managing CVEs, including triage, risk assessment, and remediation workflows.

• Set and maintain standards for network security, including platform perimeter security and SSE.
• Review the implementation of Checkpoint NVAs for platform security and Cloudflare Zero Trust for endpoint security, ensuring minimal exposure to threats.
• Design and maintain secure connectivity models, including VPNs and secure access to cloud resources.
• Conduct periodic reviews of network configurations to detect and address potential risks.

• Administer the internal PKI using EZCA for private certificate issuance and renewal.
• Oversee public certificate procurement using Let's Encrypt and third-party providers to maintain the security of public-facing services.
• Implement automation for certificate lifecycle management to reduce manual intervention and potential errors.

• Establish and document security architecture based on the MITRE framework, ensuring alignment with business objectives.
• Introduce a threat modeling process to identify risks in applications and infrastructure, leveraging frameworks like STRIDE or OWASP.
• Provide recommendations to address identified threats during the design phase of new systems.

• Co-design and govern secure configuration baselines for cloud environments.
• Jointly implement Azure Policy to enforce secure configurations across resources, such as enabling encryption, restricting public access, and ensuring compliance with regulatory standards.
• Regularly review and update configurations to align with evolving security requirements and best practices.

• Develop and execute strategies to protect workloads, data, and configurations within Azure cloud environments.
• Implement monitoring and incident response capabilities for cloud-based threats.

What you need to be successful

• Min 6-7 years of hands-on experience in cybersecurity roles, with a focus on cloud and platform security.
• In-depth expertise in Azure security, Kubernetes management, and modern cloud technologies.
• Proficiency with tools like Microsoft Defender, Azure Update Manager, and CI/CD pipelines.
• Familiarity in PowerShell and Bash scripting for automation and tool integration (Desired)
• Knowledge of ISO27001 and CCM compliance standards.
• Qualifications: Certifications such as CISSP or Azure Security Engineer Associate.