Senior Cyber Specialist

About Amplify Health

Who We Are

Amplify Health is Asia's leading health technology and analytics organisation, providing our customers with integrated solutions to make healthcare more accessible, affordable and effective across the region.

We offer a unique B2B business model and integrated stack of SaaS-based products, PaaS-based HealthTech launchpad and DaaS-based on-demand data offerings to deliver impact to our customers across the healthcare value-chain.

Our joint-venture partners, AIA and Discovery, have provided us with the foundations and a platform that truly differentiates us from our competitors and allows us to build and deploy products at a scale and quality that few can match.

We aim to be the trusted custodian of Asia's largest repository of health data, unifying financial, clinical, operational and behavioural data to empower our customers with insights that highlight opportunities to deliver better value and care outcomes.

Our Vision and Ambition

To build the leading healthcare AI and platform services company in Asia that transforms the delivery of health and wellness for patients and communities by combining and leveraging the distinctive and complementary assets and strengths of AIA and Discovery.

Amplify Health will simplify access to health data and AI Innovation to accelerate distinct and disruptive healthcare value insights and resulting improvements in health outcomes through value-based care, personalised care plans and aligning individuals lifestyle/ behavioural choices.

By 2028, Amplify Health will have in place one of Asia's strongest health-tech and AI capabilities; a comprehensive, integrated health technology stack supported by precision insights derived from proprietary data pools.

The Position

Summary

As a member of the Cybersecurity team, you will help strengthen and maintain Amplify Health's security posture across multiple domains, including but not limited to Vulnerability Management, Application Security, Security Operations, Data Loss Prevention (DLP), Security Reporting and Monitoring.

You will be responsible for supporting vulnerability assessments, assisting with security reviews, operating security processes, and contributing to audit and compliance activities. This role requires strong organizational skills and collaboration across cross-functional teams such as Platform, Operations, Risk & Compliance, and DevOps.

Responsibilities

Primary Responsibilities:

Security Architecture & Assurance

• Lead security architecture reviews for new and existing systems, ensuring alignment with Amplify Health's security standards and Group requirements.
• Define secure design patterns and perform threat modeling for applications and cloud-native workloads.
• Conduct security risk assessments and recommend mitigation strategies for identified gaps.
• Integrate security testing into CI/CD pipelines, ensuring automated checks for vulnerabilities, secrets and misconfigurations.
• Assess third-party and vendor security controls, including contractual and security compliance obligations.
• Provide guidance on emerging technologies and architectural improvements to enhance security posture.

Security Operations Centre (SOC)

• Monitor and analyze security events using SIEM tools to detect anomalies and potential threats.
• Lead incident response activities, including containment, eradication, and recovery, following established playbooks.
• Perform advanced threat hunting and digital forensic investigations (DFIR) for complex incidents.
• Conduct and coordinate vulnerability assessments and penetration testing to identify weaknesses in systems and applications.
• Support Security automation and orchestration (SOAR) initiatives to streamline detection and response workflows.
• Prepare SOC reports and metrics for management, highlighting trends and improvement opportunities.

Secondary Responsibilities:

Vulnerability Management

• Manage the end-to-end vulnerability lifecycle: identification, assessment, prioritization, and remediation tracking.
• Integrate automated scanning tools (SAST, DAST, dependency checks, container image scanning) into CI/CD pipelines.
• Enforce mandatory remediation of Critical and High severity vulnerabilities before production release.
• Apply a standardized risk rating matrix (Likelihood, Exploitability, Impact) for prioritization and reporting.
• Stay updated on emerging threats, CVEs, and exploit trends; recommend improvements to scanning tools and workflows.

Data Loss Prevention

• Assist in implementing DLP strategies across endpoints, networks, and cloud environments.
• Support data classification and labeling initiatives to protect sensitive information.
• Contribute to DLP incident response workflows and reporting for compliance and audit readiness.

SecOps

• Maintain security documentation, including policies, SOPs, and governance frameworks.
• Manage security exceptions and ensure compliance with BAU governance standards.
• Support Jira-based workflows for security tasks, incident tracking, and audit readiness activities.
• Collaborate with engineering teams to embed security controls into operational processes.

Candidate Profile

Experience and Qualifications

• Over 6-8 years of experience in security architecture, security assessments, and SOC operations.
• Hands-on experience with threat modeling frameworks (MITRE ATT&CK, STRIDE) and risk assessment methodologies.
• Strong knowledge of cloud security architecture (Azure), CI/CD security integration, and security tools (SIEM, SOAR, DLP, SAST/DAST).
• Familiarity with secure design principles, application security, and third-party risk assessments.
• Understanding of regulatory frameworks (ISO 27001, NIST CSF, GDPR) and compliance requirements.
• Relevant certifications preferred: CISSP, CCSP, CISM.
• Bachelor's degree required in Information Technology / Computer Science; specialisation in Information Security would be advantageous.

Competencies & Core Characteristics:

We are seeking a leader who embodies the following competencies and characteristics essential for success in our scale-up environment:

• Technical Domain Expertise: Demonstrates deep proficiency across security architecture, cloud security, vulnerability management, and SOC operations. Applies recognized security frameworks to drive robust and scalable security controls. Serves as the go‑to expert for translating technical threats into practical risk mitigation strategies.
• Strategic Architect: Thinks beyond immediate risks to design long‑term, secure-by-design architectural patterns and guardrails. Anticipates evolving threat landscapes and embeds forward‑looking security roadmaps into platform, product, and engineering strategies. Balances innovation with risk governance to support the company's scale-up trajectory.
• Unifier & Cross-Functional Influencer: Collaborates seamlessly with engineering, platform, operations, product, and risk teams to embed security into every stage of the lifecycle. Communicates complex technical concepts in clear, actionable terms that drive alignment and informed decision‑making. Builds trusted relationships that enable security to function as a business enabler, not a blocker.
• Data-Driven Decisiveness: Makes timely, well‑reasoned decisions grounded in quantitative data, threat intelligence, vulnerability metrics, and SOC insights. Prioritizes based on impact, exploitability, and business context. Leverages dashboards and analytics to shape recommendations, influence stakeholders, and track measurable improvements in security posture.
• Resilient Operator: Performs effectively in high‑pressure environments, especially during incidents, time‑sensitive remediations, and audits. Demonstrates composure, structured thinking, and clear communication in crisis situations. Persists through ambiguity and complexity, adapting quickly to shifting priorities while maintaining high standards of execution.
• Insatiable Curiosity: Continuously explores emerging technologies, threat vectors, and industry best practices—bringing fresh insights to improve security architecture and operations. Challenges assumptions and seeks innovative approaches to strengthen defenses, optimize tools, and automate processes. Demonstrates a strong learning mindset and desire to stay ahead of adversaries.

Join Us

If you are passionate about leveraging data to drive healthier outcomes across Asia and thrive in a dynamic, mission-driven environment, we encourage you to apply.

Amplify Health is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.