Cybersecurity Engineer

At Toku, we create bespoke cloud communications and customer engagement solutions to reimagine customer experiences for enterprises. We provide an end-to-end approach to help businesses overcome the complexity of digital transformation and deliver mission-critical CX through cloud communication solutions. Toku combines local strategic consulting expertise, bespoke technology, regional in-country infrastructure, connectivity, and global reach to serve the diverse needs of enterprises operating at scale. Headquartered in Singapore, Toku supports customers across APAC and beyond, with a growing footprint across global markets.

This is a hands-on cybersecurity role focused on strengthening Toku’s security operations across infrastructure, cloud, systems, and networks. You will help implement security controls, monitor risks, respond to incidents, and improve the way we protect our platforms and data. This is not a pure governance or policy role; it is a practical security operations position within the Infrastructure & Cybersecurity function. You will thrive in this role if you enjoy hands-on security work and want to help build stronger security practices in a growing technical environment.

What you will be doing

• Security operations: Monitor, investigate, and respond to security events, alerts, threats, and incidents across systems, networks, cloud infrastructure, and endpoints.

• Security controls & guardrails: Implement and maintain practical security controls across infrastructure, access, firewall, endpoint, cloud, and system environments.

• Incident response: Support security incident response activities, including investigation, containment, root cause analysis, and follow-up remediation.

• Vulnerability management: Identify, assess, prioritise, and help remediate vulnerabilities across operating systems, infrastructure, applications, and supporting services.

• Cloud & infrastructure security: Support security hardening and best practices across AWS and hybrid infrastructure environments.

• Access & account security: Help manage and improve access control, password controls, account security, permissions, and related operational processes.

• Firewall & network security: Review firewall rules, network access, and infrastructure security configurations to ensure appropriate protection and best practice alignment.

• Security monitoring tools: Support the use, improvement, or implementation of security monitoring tools, including Security Information and Event Management (SIEM) solutions where relevant.

• Security testing & assessments: Conduct or support vulnerability assessments, risk assessments, security control testing, and remediation tracking.

• External audits & assessments: Liaise with external vendors, penetration testers, or security auditors where needed, and help close security findings.

• Process improvement: Create and improve security procedures, runbooks, and operational practices that help meet Toku’s internal security requirements.

• Cross-functional collaboration: Work closely with infrastructure, engineering, compliance, and business teams to implement practical security improvements.

We’d love to hear from you if you have

• Cybersecurity operations experience: At least 3 years of relevant hands-on cybersecurity, security operations, infrastructure security, or cloud security experience.

• Hands-on security implementation: Practical experience implementing security controls, guardrails, monitoring, and remediation activities in real production environments.

• Infrastructure security background: Strong understanding of systems, networks, firewalls, access control, endpoint security, and infrastructure hardening.

• Cloud security experience: Experience securing cloud environments, ideally AWS, including cloud access controls, monitoring, vulnerability management, and security best practices.

• Incident response: Experience investigating security incidents, alerts, suspicious activity, malware, vulnerabilities, or system/network security breaches.

• SIEM exposure: Experience working with SIEM or security monitoring tools, with the ability to investigate alerts and recommend improvements.

• Vulnerability management: Experience with vulnerability assessment, remediation tracking, patching, risk assessment, or tools such as Tenable, Rapid7, Nexpose, or similar.

• Network & endpoint security: Good working knowledge of firewalls, endpoint protection, Intrusion Detection / Prevention Systems (IDS/IPS), Web Application Firewalls (WAF), and related security tools.

• Linux & Windows security: Comfortable working across Linux and Windows environments, including operating system security, patching, and hardening practices.

• Security testing awareness: Experience supporting penetration testing, vulnerability assessment, or security control testing would be valuable.

• Compliance awareness: Familiarity with security standards or frameworks such as ISO 27001, SOC 2, or similar would be advantageous, but this is not a pure governance role.

• Certifications (nice to have): Security certifications such as CISSP, cloud security certifications, CREST, SANS/GIAC, or equivalent practical experience would be an advantage.

• Independent working style: Ability to operate independently, identify gaps, recommend improvements, and follow through on practical security implementation.

• Location: This role is to be based in Bangalore – India, or Kuala Lumpur – Malaysia, operating on a mostly remote basis, with office visits as needed

Toku has been recognised as a LinkedIn Top Startup and by the Financial Times as one of APAC’s Top 500 High Growth Companies. If you’re looking to be part of a company on a strong growth trajectory while working on meaningful, real-world challenges, we’d love to hear from you.