Cybersecurity Engineer

Sourceability® is a global digital distributor of electronic components transforming how modern businesses bring products to market. With innovation, quality and logistics as the backbone of the company, Sourceability's cutting-edge products and services expedite the procurement process across a wide range of industries, including communications/cellular, consumer electronics, and auto manufacturing.

Sourceability is building a new Global Engineering Organization (GEO) to strengthen internal software delivery, production reliability, infrastructure operations, and practical security ownership across business-critical systems.

We are looking for a Cybersecurity Engineer to help implement, monitor, and improve security controls across Sourceability's systems, infrastructure, endpoints, identity platforms, and engineering delivery processes. This role will work closely with the Infrastructure & Security Manager, SysOps, DevOps, Software Engineering, DBA, and business technology teams to reduce security risk in a practical and operationally effective way.

This is a hands-on security engineering role. The Cybersecurity Engineer will support vulnerability management, access control, endpoint and server security, network security, security monitoring, incident response, DevSecOps practices, and compliance evidence collection. This role is not expected to own all corporate security governance independently, but it will be a key execution role for improving Sourceability's security posture.

The right candidate should be comfortable working in a hybrid environment with on-premise infrastructure, cloud services, distributed teams, business-critical applications, and security practices that are still being formalized as part of the GEO operating model.

This role is hybrid from our Singapore office.

Insight on Your Impact:

• Implement, maintain, and improve practical security controls across servers, endpoints, cloud services, network infrastructure, identity systems, and engineering platforms.
• Support vulnerability management, including scanning, validation, prioritization, remediation tracking, and reporting of security risks.
• Monitor security alerts and events from endpoint protection, SIEM / logging tools, vulnerability scanners, identity systems, firewalls, VPNs, and other security platforms.
• Triage security alerts, investigate suspicious activity, document findings, and escalate incidents through the agreed incident response process.
• Support security incident response activities, including evidence collection, containment support, remediation tracking, and post-incident improvement actions.
• Partner with Infrastructure / SysOps teams on server hardening, patching, configuration baselines, backup security, firewall rules, VPN access, and network segmentation.
• Partner with DevOps and Software Engineering teams to embed security into CI/CD, code repositories, dependency management, secrets handling, release readiness, and application security checks.
• Support identity and access management controls, including least privilege, role-based access, privileged account review, MFA, access reviews, and joiner / mover / leaver process improvements.
• Assist with endpoint, server, and cloud security tooling, including policy configuration, alert tuning, remediation follow-up, and operational documentation.
• Support security reviews for new systems, integrations, infrastructure changes, vendor tools, and production-impacting technology decisions.
• Help maintain security policies, standards, procedures, runbooks, and technical documentation in a practical and usable format.
• Support compliance and audit activities by collecting evidence, documenting controls, and tracking remediation items, without becoming the sole owner of compliance programs.
• Communicate security risks clearly to technical and non-technical stakeholders, including impact, priority, recommended actions, and remediation status.
• Contribute to security awareness by helping teams understand practical security expectations and common risk areas.
  
  

Your Qualifications, Your Influence:

• 3+ years of experience in cybersecurity, information security, security engineering, infrastructure security, or similar hands-on security roles.
• Practical understanding of cybersecurity principles, vulnerability management, incident response, access control, endpoint security, network security, and secure system configuration.
• Hands-on experience with security tooling such as EDR / endpoint protection, SIEM or log management, vulnerability scanners, identity platforms, firewall / VPN tools, or cloud security tools.
• Working knowledge of Windows and Linux server security, patching, hardening, logging, and operational troubleshooting.
• Understanding of network security concepts including firewalls, VPN, DNS, IDS / IPS, segmentation, remote access, and zero trust principles.
• Experience supporting identity and access management practices, including MFA, least privilege, privileged access, role-based access control, and access reviews.
• Ability to investigate security alerts, analyze logs, validate vulnerabilities, document findings, and follow issues through remediation.
• Understanding of application security concepts, secure SDLC, dependency scanning, secrets management, SAST / DAST concepts, and DevSecOps practices.
• Ability to work with infrastructure, DevOps, software engineering, DBA, and business teams to implement security controls without unnecessarily blocking delivery.
• Strong written communication skills and ability to create clear documentation, runbooks, remediation notes, and risk summaries.
• High ownership mindset, structured troubleshooting approach, and ability to operate in a distributed, multi-timezone environment.
  
  

Preferred Skills and Technical Familiarity:

• Experience with Microsoft security ecosystem, including Microsoft Defender, Microsoft Entra ID / Azure AD, Intune, Microsoft Sentinel, or related tools.
• Experience with security controls in hybrid environments that include on-premise infrastructure, cloud services, VPN, data centers, and distributed offices.
• Familiarity with Azure, AWS, or GCP security services and cloud security best practices.
• Experience supporting vulnerability remediation for Windows servers, Linux servers, network devices, endpoints, databases, and web applications.
• Familiarity with compliance frameworks or control libraries such as SOC 2, ISO 27001, NIST, CIS Controls, GDPR, or similar.
• Experience with secure configuration baselines, CIS benchmarks, patch management, endpoint management, and configuration drift detection.
• Experience with application security testing tools, dependency scanning, container scanning, or CI/CD security integrations.
• Relevant certifications such as Security+, CySA+, SSCP, CISSP Associate, CEH, Azure Security Engineer, or similar are helpful but not required.
• Background in electronic components, B2B technology, supply chain, distribution, manufacturing, logistics, e-commerce, or similar business environments.
  
  

Success in the First 90 Days:

• Understand Sourceability's infrastructure, identity systems, endpoint environment, security tooling, production platforms, and key operational risks.
• Build working relationships with the Infrastructure & Security Manager, SysOps, DevOps, Software Engineering, DBA, Product / Delivery, and business technology stakeholders.
• Review existing vulnerability management, patching, endpoint protection, IAM, logging, alerting, and incident response practices.
• Identify the highest-priority security risks and create a practical remediation tracking approach with clear owners and due dates.
• Improve visibility into active vulnerabilities, access risks, alert trends, and security remediation status.
• Help document or improve core security runbooks, including vulnerability response, security alert triage, access review, incident escalation, and remediation tracking.
• Support at least one meaningful security improvement in endpoint security, server hardening, identity controls, vulnerability management, logging, or DevSecOps integration.
• Help establish a practical security operating cadence with reporting that is useful to GEO leadership and technical owners.
  
  

What This Role Does Not Own:

This role does not independently own all corporate security strategy, legal compliance, or executive-level security governance. The Cybersecurity Engineer supports security execution, control implementation, monitoring, investigation, documentation, and remediation tracking under the direction of Infrastructure & Security leadership.

This role does not replace Infrastructure / SysOps, DevOps, DBA, or Software Engineering ownership. Instead, it partners with those teams to improve security controls, reduce risk, and ensure remediation is completed by the appropriate technical owners.

This role does not independently approve business access decisions or security exceptions. It provides risk assessment, technical validation, and recommendations for review by the appropriate business and technology leaders.

Benefits:

• Competitive salary
• Ongoing training and professional development opportunities
• Collaborative global work environment
• PTO
  
  

EQUAL OPPORTUNITY EMPLOYER.

It is our policy to abide by all federal, state and local laws prohibiting employment discrimination based on a person's race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental and/or intellectual disability, age, military status, veteran status (including protected veterans), marital status, registered domestic partner or civil union status, familial status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, sexual orientation, or any other protected status.