Skip to content


Transcend the day-to-day work experience. Work inspired.

Application Security Engineer


Singapore - Singapore - Remote


Software & Product Development

Ref #:

Apply >


Job Summary:

UKG is seeking an Application Security (AppSec) Engineer to work in our Global Security team. The UKG's (USG) Global Security Research and Architecture (GSRA), application security team, is responsible for both finding bugs and designing mitigations for broad classes of bugs. We use and work on state of the art tools, maintain the infrastructure that supports our efforts, and empower Product Development to move to move quickly without compromising on safety. Because of the nature of USG’s product, nearly every system we operate needs to interact with sensitive financial and personal data, making the security team an extremely dynamic environment to join.

We are looking for someone with a strong application security engineering and development background. The ideal candidate can discuss abstract concepts or lead meetings but not be afraid to deep dive in technical details (From whiteboard to JAVA code, from Microsoft World to the linux console). If you can navigate sequence diagrams, use case documentation, and read source code always with security in mind –LET’S TALK!!

Essential Duties and Responsibilities: (other duties may be assigned)

As an AppSec Engineer you will:

Work with our code
Develop techniques to ensure development teams find flaws before they are introduced into production
Be a security subject matter expert and respond to any security development question
Work with development teams to design solutions that are inherently secure
Be a champion for simple security models
Correctly balance security risk and product advancement
Lead software security initiatives
Lead or participate in threat modeling discussions
Perform code deep dives to uncover security vulnerabilities or design
Document findings and architectural issues for development and other security teams consumption
Evaluate the security posture of existing applications
Perform proactive research to detect new attack vectors and pentest internal and external apps
We’re looking for someone who has:

Software development experience in a production environment
A deep understanding of the web application architecture
A knack for finding flaws in software and can efficiently communicate how to fix them
Strong communication skills and is accustomed to working closely with a product team
Doesn’t always default to industry norms when solving a problem
An ability to think like an attacker to develop threat models
Has designed and implemented mitigations for common classes of bugs


Required Qualifications/Skills:

Five or more years’ experience in:
Authentication (Identity management, MFA/2FA)
Applied Cryptography (PKI, Appropriate usage of Cryptographic Primitives, Digital Signatures, HASHing, HMACs)
Authorization (claims, RBAC, fine grained, coarse grained, XACML, OAUTH, SAML)
Web Services Security (WS-Security, Oauth, JWT)
Static Source Code Review Tools (e.g. Fortify, Appscan Source, Contrast, etc).
Application Service Hardening (CIS, NSA/DOD STIGs)
Coding experience in one or more general languages
Mobile App development experience a plus
Preferred Qualifications/Skills:

10 years of relevant work experience
Hard Core Development Skills
Interpersonal Skills:

Self-Lead and Exceptional communication skills with diverse audiences - Strong critical thinking and analytical skills
Team working, including the ability to drive projects and initiatives in multiple departments
Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background
Education/Certification/License (Optional):

Certified Security Software Lifecycle Professional (CSSLP)
Certified Information Systems Security Professional (CISSP)
BA or BS in information security, engineering, computer science, or related areas. A Master’s degree in an IT field is a plus, and a Master’s in cybersecurity is an even bigger plus.
Travel Requirement:

This job description has been written to include the general nature of work performed. It is not designed to contain a comprehensive detailed inventory of all duties, responsibilities and qualifications required of employees assigned to this job.

Corporate overview

Here at UKG, Our Purpose Is People. UKG combines the strength and innovation of Ultimate Software and Kronos, uniting two award-winning, employee-centered cultures. Our employees are an extraordinary group of talented, energetic, and innovative people who care about more than just work. We strive to create a culture of belonging and an employee experience that empowers our people. UKG has more than 13,000 employees around the globe and is known for its inclusive workplace culture. Ready to be inspired? Learn more at

EEO Statement

Equal Opportunity Employer

Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive considerations for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws. 

View The EEO is the Law poster and its supplement. 

View the Pay Transparency Nondiscrimination Provision

UKG participates in E-Verify. View the E-Verify posters here.

Disability Accommodation

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email or please call 1 (978) 250 9800.