Plaud - Security Engineer, Infra & Operations - Singapore

• You will own both the detection & response layer and the cloud infrastructure security foundation at Plaud — two domains that must operate in lockstep to deliver SOC 2 Type II audit readiness by Q4 2026. • Cloud & Infrastructure Security — Remediate credential exposure across AWS/GCP production environments, deploy and tune CSPM across all accounts, embed IaC security gates (Checkov/Terraform) into CI/CD, and implement Zero Standing Privileges via JIT/CIEM. • SIEM Build & Detection Engineering — Deploy the SIEM platform and author 30+ MITRE ATT&CK-mapped detection rules spanning cloud telemetry, endpoint, and SaaS — with ongoing tuning to reduce false positives and maintain coverage fidelity. • Incident Response — Own the IR lifecycle end-to-end: develop playbooks across a minimum of 4 incident categories, lead cross-functional response for P1/P2 events, and drive MTTD to ≤60 minutes. • SOC 2 TII Operational Evidence — Produce and maintain the continuous evidence package required for audit — log retention, alert records, control review cadences, and written control narratives for Cloud Security and SecOps domains. • Security Reporting & Risk Governance — Publish monthly security reports to leadership, deliver H1 risk governance reports, and maintain vulnerability SLA compliance ≥90% with clear remediation tracking. • Skills, qualifications and experience we look for • 5+ years of hands-on security engineering experience with demonstrable depth in at least one of: cloud security (AWS/GCP, CSPM, IAM, IaC) or security operations (SIEM, IR, SOAR, detection engineering) — and working fluency in the other. • Proven ability to build security infrastructure from zero: tool selection, baseline configuration, and policy definition without inheriting a mature program or existing runbook. • Strong working knowledge of MITRE ATT&CK, CIS Benchmarks (L1/L2), cloud-native security tooling (AWS Security Hub, GCP SCC, or equivalent CSPM), and log source integration across cloud and endpoint layers. • Familiarity with SOC 2 TII control requirements — specifically CC6 (logical access), CC7 (monitoring & detection), and the operational evidence standards expected by a third-party auditor. • Routinely uses LLMs as part of daily security workflow — alert summarization, detection rule generation, SOAR playbook drafting, or IaC policy automation. Will demo last-2-weeks AI usage during interview.