ABOUT PERCEPTRA
Perceptra is the leading deep health tech startup in Thailand. Our aim is to develop the artificial intelligence platform for the healthcare industry. Currently, our first product, Inspectra CXR, is the best AI software for chest x-ray analysis in the SEA market, with 8 deep learning services deployed on the cloud supporting radiologists' workflow through a website interface and API services connected directly to hospitals' IT systems. Today, our platform is actively used by 30+ hospitals nationwide.
ABOUT THE POSITION
We developed Inspectra CXR, the best AI software for chest x-ray analysis in the SEA market, supporting radiologists' workflow in 200+ hospitals. Our company also develops high-quality AI services for breast cancer screening, diabetic screening from retinal images, and brain hemorrhage detection with recognized partners such as Siriraj Hospital and Google Health.
As a Senior Security Engineer at Perceptra, you will take a leading role in strengthening the security posture of the infrastructure, platforms, and engineering workflows that power our AI-driven healthcare solutions. You will design and implement practical security controls across cloud and on-premise environments, improve secure software delivery practices, support compliance readiness, and work closely with System Team, DevOps, RD, and product teams to reduce real-world risk without slowing down business-critical operations.
This position is ideal for security engineers who are passionate about cloud security, Kubernetes security, DevSecOps, vulnerability management, security monitoring, and resilient system design—and who want to work at the intersection of AI, healthcare, and high-impact technology. You will be part of a mission to improve clinical outcomes through scalable, secure, and intelligent healthcare systems.
ROLES AND RESPONSIBILITIES
- Security Engineering Leadership: Lead and drive internal security engineering initiatives across infrastructure, platform, and software delivery environments, ensuring alignment with business goals, operational realities, and technical standards.
- Cloud & Infrastructure Security: Design, implement, and continuously improve security controls for cloud (AWS) and on-premise environments, including network boundaries, firewall policy design, network segmentation, access control, secrets handling, workload isolation, and hardening baselines.
- Kubernetes & Container Security: Strengthen the security posture of containerized AI applications and Kubernetes-based environments by improving image security, runtime protections, workload configurations, service account boundaries, and cluster hardening practices.
- Secure SDLC & DevSecOps: Lead the implementation and adoption of DevSecOps practices across development and release pipelines, including SAST, dependency scanning, container scanning, and security gating in CI/CD workflows.
- Vulnerability Management & Remediation: Own the triage, prioritization, and remediation workflow for infrastructure, container, dependency, network, and platform vulnerabilities, including vulnerability assessment (VA) scanning programs, with focus on critical and high-risk exposures and measurable follow-through.
- Application Security: Drive secure-by-design principles across applications and APIs by conducting security architecture reviews, implementing secure API design practices, and performing threat modeling and abuse-case analysis. Ensure security is embedded throughout the development lifecycle, including secure integration patterns and risk assessment for evolving product ecosystems.
- Monitoring, Detection & Incident Readiness: Improve security monitoring, alerting, logging, and detection coverage across cloud and production systems; support incident response, root cause analysis, evidence collection, and preventive control improvements.
- Compliance & Audit Support: Translate compliance requirements into technical implementation and evidence, supporting standards and customer expectations related to healthcare and information security environments (e.g., ISO 27001, ISO 13485, HIPAA, GDPR).
- Business Continuity & Resilience: Contribute security expertise to business continuity planning, backup/recovery design review, disaster recovery readiness, and operational resilience for customer-facing and internal critical systems.
- Internal Security Testing & Validation: Plan, coordinate, and support internal penetration testing and technical security validation activities across infrastructure, internal services, and critical environments; translate findings into prioritized remediation actions and control improvements.
- Cross-functional Collaboration & Mentorship: Work closely with DevOps, RD, product, QA, and management stakeholders to embed security into everyday engineering decisions, and provide guidance to junior engineers where needed.
QUALIFICATIONS & SKILLS
- Education: Bachelor's or Master's degree in Computer Engineering, Computer Science, Cybersecurity, Information Systems, or a related technical field.
- Senior Experience: 5+ years of hands-on experience in Security Engineering, DevSecOps, Cloud Security, Infrastructure Security, or related roles, with clear ownership of production-grade systems and security improvements.
- Cloud & Infrastructure Security: Strong experience securing AWS environments (EC2, S3, IAM, VPC, EKS, RDS, Lambda) including network security (VPC, ACLs, security groups, firewall policies), Kubernetes/container security, workload isolation, Linux system administration and hardening (Ubuntu-based environments, CIS benchmarks, secure configurations), and observability/monitoring (e.g., CloudWatch, Prometheus, Grafana).
- Application Security & Secure Engineering: Solid understanding of API security, secure system design (secure-by-design), threat modeling, and abuse-case analysis. Experienced in IAM design, access control (least privilege), and secrets management across distributed systems.
- DevSecOps, Automation & Security Testing: Hands-on experience with Infrastructure as Code (Terraform, CloudFormation, Ansible), CI/CD security controls, vulnerability scanning, and internal penetration testing coordination. Proficient in scripting (Bash, Python) to automate security workflows and improve posture at scale.
- Communication & Leadership: Strong communication, stakeholder management, and cross-functional collaboration skills; capable of translating security risk into practical engineering actions and business impact.
- Continuous Learning: Highly motivated, proactive, self-directed, and continuously seeking to expand technical and security knowledge through hands-on work, research, projects, and certifications.
Bonus Skills:
- Experience with CNAPP/CSPM/CWPP or related cloud security platforms.
- Experience with network security controls, firewall policy review, segmentation design, or hybrid environment security architecture.
- Experience supporting regulated environments such as healthcare, medtech, or enterprise B2B security reviews.
- Familiarity with tools such as Vault, Wazuh, Teleport, ArgoCD, GitOps workflows, or container/runtime security tooling.
- Experience supporting ISO 27001 implementation, internal/external audits, or security evidence preparation.
- Experience with AI/ML workloads, model serving environments, or hybrid cloud and on-premise deployment architectures.
- Cybersecurity certifications across cloud security, application security, Kubernetes security, or security leadership (e.g., AWS Certified Security – Specialty, CKS, CISSP, CISM, CSSLP, CCSP), or equivalent, are a plus.
BENEFITS AND PERKS
- Competitive senior-level salary based on skills and experience, with performance bonuses.
- Employee stock options with senior-level equity participation.
- Comprehensive life and health insurance package with regular health check-ups.
- Premium perks: MacBook Pro, annual company retreat, conference attendance budget.
- Access to unlimited online courses for professional development and team training budget.
- Convenient office location near BTS Thonburi.
- Flexible work-from-home options 2–4 days per week with senior-level flexibility.