Solutions

Industries

Alto Apps

Customer Stories

Resources

facebook-icon
linkedin-icon
youtube-icon

Sign In

Request Demo

Request Demo

Request Demo

Security Engineer

Bangkok, Thailand

Full-time

|

On-site


None

Apply

Apply

Role Overview

Lead the security architecture and implementation of AltoTech's AI-powered IoT platform, protecting critical infrastructure across 80+ smart buildings. You'll be breaking everything you touch and helping us fix it - designing and implementing comprehensive security measures for our CERO platform, safeguarding millions of IoT data points, ensuring compliance with industry standards, and building resilient systems that protect both edge devices and cloud infrastructure from evolving cyber threats.

Responsibilities

  • Analyze and audit systems: Examine our system services, operating systems, IoT networks, and applications from a security perspective, discovering vulnerabilities and recommending patches while participating in security audits, risk analysis, and comprehensive security reviews.

  • Secure the IoT ecosystem: Design and implement end-to-end security architecture for thousands of connected devices, from sensors to gateways, ensuring data integrity and preventing unauthorized access to building control systems.

  • Fortify edge-to-cloud infrastructure: Build security frameworks that protect data flow from on-premise edge servers through to Azure cloud services, implementing encryption, authentication, and secure communication protocols.

  • Orchestrate zero-trust architecture: Develop and maintain zero-trust security models for our AltoOS platform, implementing micro-segmentation, continuous verification, and least-privilege access controls.

  • Monitor and respond to threats: Establish 24/7 security monitoring systems with real-time threat detection, automated incident response, and forensic capabilities to protect against cyber attacks on critical building infrastructure.

  • Ensure compliance excellence: Implement security controls that meet ISO 27001, PDPA, and industry-specific standards, conducting regular audits and maintaining comprehensive security documentation.

Qualifications

Experience

3+ years in security engineering, penetration testing, or vulnerability research, with hands-on experience breaking and securing production systems.


Technical Skills

  • Security Analysis & Testing: Expert at discovering security vulnerabilities, analyzing attack vectors, conducting security code reviews, and recommending effective patches and mitigations.

  • Security Architecture: Expert knowledge of security frameworks (NIST, ISO 27001), threat modeling, and risk assessment methodologies for distributed systems.

  • IoT/OT Security: Deep understanding of IoT security challenges, secure device provisioning, firmware security, and protocols like MQTT, CoAP, and BACnet security considerations.

  • Cloud Security: Proficiency with Azure security services (Azure Sentinel, Security Center, Key Vault), identity and access management (IAM), and cloud-native security tools.

  • Network Security: Strong expertise in network segmentation, firewall configuration, VPN technologies, and secure communication protocols for IoT networks.

  • Vulnerability Assessment: Hands-on experience with penetration testing tools (Metasploit, Burp Suite, Nmap, Wireshark), vulnerability scanners, fuzzing tools, and ability to perform manual security testing and write proof-of-concept exploits.


Preferred Skills

  • Reverse Engineering & Exploitation: Experience with reverse engineering tools, exploit development, and understanding of common vulnerability types (OWASP Top 10, CWE).

  • Secure Development: Knowledge of secure coding practices, DevSecOps pipelines, and security testing automation (SAST/DAST).

  • Building Automation Security: Understanding of BACnet secure, Modbus security, or experience securing smart building systems and industrial control systems.

  • Compliance & Auditing: Experience with PDPA compliance, security auditing, and implementing security controls for regulated industries.

  • Certifications & Recognition: Security certifications (OSCP, GPEN, CEH), CTF participation, bug bounty hall of fame, or recognized contributions to security community.


Education

Bachelor's degree in Computer Science, Cybersecurity, Information Security, or equivalent experience.


Soft Skills

Strong analytical and problem-solving abilities, excellent communication in English, ability to explain complex security concepts to non-technical stakeholders, proactive security mindset, and passion for protecting critical infrastructure.

What we offer

  • Join a fast-growing startup securing the future of sustainable smart buildings against cyber threats.

  • Work with cutting-edge IoT security technologies and protect real-world critical infrastructure.

  • Make a tangible impact by safeguarding systems that reduce energy consumption globally.

  • Grow your career in the intersection of cybersecurity, IoT, and sustainability tech.

To apply, send your resume and any relevant security certifications/portfolio to kwarodom@altotech.ai, jirayut@altotech.ai, thakorn.s@altotech.ai with the subject line "Security Engineer, [Your Name]"

To apply, send your resume and any relevant security certifications/portfolio to kwarodom@altotech.ai, jirayut@altotech.ai, thakorn.s@altotech.ai with the subject line "Security Engineer, [Your Name]"

To apply, send your resume and any relevant security certifications/portfolio to kwarodom@altotech.ai, jirayut@altotech.ai, thakorn.s@altotech.ai with the subject line "Security Engineer, [Your Name]"

Apply Now

Apply Now

Apply Now

About AltoTech

At AltoTech, we are transforming the future of sustainable buildings through cutting-edge IoT and AI-driven solutions. Our mission is to optimize energy use, reduce emissions, and lead the charge toward a net-zero world.

Learn More