About Bitdeer:
Bitdeer is a world-leading technology company for Bitcoin mining and AI cloud.
Bitdeer is committed to providing comprehensive Bitcoin mining solutions for its customers. Apart from designing industry-leading ASIC chips and manufacturing mining rigs, the Group handles complex processes involved in computing across the value chain. This includes equipment procurement, transport logistics, datacenter design and construction, equipment management, and network and facility operations. Bitdeer also offers advanced cloud capabilities to customers with a high demand for artificial intelligence.
Headquartered in Singapore, Bitdeer operates globally with a diversified 3 GW energy portfolio, and deploys Bitcoin mining and HPC datacenters in the United States, Bhutan, Norway, Canada, Malaysia, and Ethiopia.
About the team
A security engineer role on the AI Cloud business line, covering four areas: security clause review in customer contracts, SDLC security process design and audit, day-to-day compliance control execution and self-audit, and technical input into insurance work. Also the direct technical contact for customers on security matters. Sits within Development Security & Testing, reports to the Head of Security.
What you will be responsible for:
- Customer contract security clauses — Build and maintain AI Cloud's own standard security clause library, tiered by customer segment. Review customer-proposed redlines, focusing on AI-specific issues — model output liability, training data residency, inference data retention, IP indemnity. Work with Legal and Sales to negotiate technical commitments on encryption strength, RPO/RTO, vulnerability SLAs, right-to-audit scope, and breach notification timelines.
- Customer technical engagement — Handle customer security questionnaires (SIG, CAIQ, custom questionnaires, AI-specific assessments). Attend customer-led security reviews, on-site audits, and assurance calls. Explain our AIDC architecture (InfiniBand isolation, GPU multi-tenancy, BMC, cross-region data flows) in a way customer security teams can validate. Trust Center technical content also lives here.
- SDLC security process — Set up a standard SDLC security flow across AI Cloud product lines: threat modeling, design review, security testing requirements, pre-release sign-off. Checkpoints at design / coding / pre-release / post-release. Quarterly audit of how each product team follows the process; push remediation. Also own the engineering security training (secure coding, threat modeling, AI security) — design once, deliver quarterly.
- Business-line compliance execution & self-audit — Make the SOC 2 / ISO 27001 / ISO 42001 controls actually work on the AI Cloud side — day-to-day execution, evidence collection, internal self-audit, closing findings before external audits. Translate compliance language into concrete things engineering can actually do.
- Insurance technical input — Underwriter questionnaires for Cyber / Tech E&O / Property policies need technical input from the AI Cloud side; this role responds. Update risk inputs at renewal (new products, architecture changes, incident history).
How you will stand out:
- 6+ years in security, with at least 3 years leaning toward AppSec / Product Security / DevSecOps or security consulting.
- Hands-on with B2B contract security clauses — either drafting standard terms for a product company, or reviewing customer redlines as a vendor.
- Solid on SDLC security: threat modeling (STRIDE/PASTA), secure code review, SAST/DAST/SCA, vulnerability management.
- Working knowledge of SOC 2 / ISO 27001 / NIST CSF — enough to execute controls inside a business line. Not asking for a certification expert, but you should be able to talk to auditors and compliance folks.
- Comfortable with at least one major cloud (AWS / GCP / Azure) at the architecture level — IAM, networking, workload security.
- Working proficiency in English and Chinese — most docs are in English, but a lot of customer and engineering conversations happen in Chinese.
Preferred:
- Experience executing compliance controls as a first line of defense inside a business line — not just designing or auditing from the outside.
- Customer-facing security work in a B2B context — handled security questionnaires (SIG / CAIQ), attended customer security reviews or on-site audits.
- Comfortable reading and negotiating security / privacy clauses in commercial contracts — familiar with DPA, SLA, right-to-audit, breach notification, and similar terms.
- Familiar with AI / LLM security: prompt injection, model extraction, training data poisoning, multi-tenant LLM isolation, AI-specific contractual liability.
- Any of: K8s security, GPU / HPC, multi-tenant SaaS, AIDC fabric (InfiniBand / UFM / BlueField), regulated industries (finance / healthcare).
- Worked with EU customers (GDPR Article 28, NIS2, EU AI Act); or supported Cyber / Tech E&O underwriting from the insured side.
- CISSP / CCSP / AWS Security Specialty / ISO 27001 LI or similar.
What you will experience working with us:
- A culture that values authenticity and diversity of thoughts and backgrounds;
- An inclusive and respectable environment with open workspaces and exciting start-up spirit;
- Fast-growing company with the chance to network with industrial pioneers and enthusiasts;
- Ability to contribute directly and make an impact on the future of the digital asset industry;
- Involvement in new projects, developing processes/systems;
- Personal accountability, autonomy, fast growth, and learning opportunities;
- Attractive welfare benefits and developmental opportunities such as training and mentoring.
--------------------------------------------------------------------
Bitdeer is committed to providing equal employment opportunities in accordance with country, state, and local laws. Bitdeer does not discriminate against employees or applicants based on conditions such as race, colour, gender identity and/or expression, sexual orientation, marital and/or parental status, religion, political opinion, nationality, ethnic background or social origin, social status, disability, age, indigenous status, and union.