Product Security Engineer

About Atlas

Hello and welcome!
Atlas Consolidated Pte Ltd. owns and operates two brands: Hugosave, a B2C consumer finance app, and HugoHub, a B2B Banking as a Service platform. Atlas is Headquartered in Singapore.

Hugosave

Hugosave is a personal financial management application that puts saving first. Our initial market is Singapore, but regional and global expansion is taking place swiftly. Through our product vision of Better Budgeting, Smarter Spending, and Sustainable Saving, we aim to build financially healthy and thriving communities.

HugoHub

HugoHub is a standalone B2B technology platform consisting of both frontend experience layer and backend platforms that offer a full suite of modular banking services through a single integration. HugoHub comprises 5 key Product Pillars: 1. Accounts, Wallets & Payments, 2. Card Programmes, 3. Wealth, Savings & Investments, 4. Full Stack BaaS (Banking as a Service) and 5. Bank of API’s

Using these Product Pillars built on our platform, our clients can build financial products that delight their customers in any part of the world.

A regulated entity with strong credentials

Atlas Consolidated Pte Ltd satisfies stringent corporate governance, operations, and regulatory integrity requirements to maintain licenses from regulatory bodies, such as:

• Monetary Authority of Singapore - Major Payment Institution license and Financial Advisors license
• Ministry of Law, Singapore - Regulated Precious Metals Dealers license
• Visa Inc. - Principal Members Issuing licence

About the Role

We are seeking an experienced Product Security Engineer to join our team and help build security into every aspect of our product development lifecycle. In this role, you'll work closely with engineering, product, and DevOps teams to identify, assess, and mitigate security risks while enabling rapid and secure product delivery.

Key Responsibilities

Threat Modeling & Risk Assessment

• Design and conduct comprehensive threat modeling sessions for new features and system architectures
• Identify potential attack vectors and security vulnerabilities early in the development process
• Collaborate with product and engineering teams to prioritize security requirements based on risk assessment
• Develop and maintain threat models for existing and new products

Security Testing & Validation

• Perform security testing of web applications, mobile applications, and APIs
• Conduct static and dynamic application security testing
• Execute penetration testing and vulnerability assessments
• Review code for security vulnerabilities and provide remediation guidance
• Validate security controls and defensive measures

DevSecOps Integration

• Implement and maintain Static Application Security Testing (SAST) tools in CI/CD pipelines
• Deploy and optimize Dynamic Application Security Testing (DAST) solutions
• Establish cloud security best practices and tooling for AWS environments
• Build security gates and quality checks into development workflows
• Collaborate with DevOps teams to secure infrastructure as code

Security Automation & Tooling

• Develop automated security testing frameworks and scripts
• Build tools and integrations to streamline security processes
• Automate vulnerability scanning and reporting workflows
• Create self-service security tools for development teams
• Implement security orchestration and response automation

Security Analytics & Monitoring

• Design and implement security metrics and KPIs for product security
• Analyze security testing results and trends to identify systemic issues
• Build dashboards and reporting for security posture visibility
• Conduct security data analysis to inform strategic decisions
• Monitor and respond to security alerts and incidents

Cross-functional Collaboration

• Partner with engineering teams to provide security guidance and support
• Educate developers on secure coding practices and security requirements
• Work with product managers to balance security and business requirements
• Collaborate with infrastructure and platform teams on security architecture

Requirements

Required Qualifications

• 5+ years of experience in product security, application security, or related cybersecurity roles
• Strong background in threat modeling and secure design review.
• Extensive experience with web application security testing and mobile application security for iOS and Android platforms
• Hands-on experience with DevSecOps practices and security tool integration
• Proficiency with SAST, DAST, Cloud Security tools
• Experience with security automation and scripting (Python, Bash)
• Background in security analytics and data analysis for security insights

Preferred Qualifications

• Experience with container security (Docker, Kubernetes)
• Knowledge of infrastructure as code security (Terraform, CloudFormation)
• Familiarity with security frameworks (NIST, ISO 27001, SOC 2)
• Experience with bug bounty programs and responsible disclosure
• Experience with compliance requirements (PCI DSS, GDPR)