Bitdeer

Senior Security Operations Engineer, AIDC

Singapore, Singapore · Senior
Security Operations Engineer · Cybersecurity

Bitdeer is a world-leading technology company for Bitcoin mining and AI cloud.

Bitdeer is committed to providing comprehensive Bitcoin mining solutions for its customers. Apart from designing industry-leading ASIC chips and manufacturing mining rigs, the Group handles complex processes involved in computing across the value chain. This includes equipment procurement, transport logistics, datacenter design and construction, equipment management, and network and facility operations. Bitdeer also offers advanced cloud capabilities to customers with a high demand for artificial intelligence.

Headquartered in Singapore, Bitdeer operates globally with a diversified 3 GW energy portfolio, and deploys Bitcoin mining and HPC datacenters in the United States, Bhutan, Norway, Canada, Malaysia, and Ethiopia.

Bitdeer AI Cloud's security team is expanding its Asia-Pacific security operations capabilities. This role owns the full-stack security operations for Asian AI data centers (AIDCs), covering detection engineering, incident response, host and network hardening, vulnerability management, and security tooling development. You will serve as a critical node in our global 7×24 security operations, coordinating with Americas and European security teammates to ensure continuous monitoring across all AIDCs worldwide.
If you want to work on the front lines of security operations for GPU clouds, InfiniBand high-speed networks, and large-scale GPU clusters — hands-on from writing detection rules to driving live incident response — this role is built for you.

Responsibilities

  • Security Monitoring & Incident Response
    • Own security alert monitoring, triage, and incident response for Asian AIDCs (7×24 on-call rotation). Provide global AIDC alert coverage during Americas and Europe off-hours.
    • Independently handle L2/L3 security incidents including anomalous GPU utilization and cryptojacking, SSH brute force and anomalous login, container escape events, IB/RoCE network anomalies, and BMC out-of-band unauthorized access.
    • Participate in P0/P1 incident response, executing forensics, containment, and recovery operations.
    • Maintain and update Asia regional incident response playbooks and runbooks. Participate in quarterly IR tabletop exercises.
    • Own post-incident reviews, producing root cause analysis reports and driving closed-loop remediation.
  • Detection Engineering & SIEM/HIDS Operations
    • Operate the SIEM platform (Wazuh / Splunk / Elastic SIEM or equivalent) daily — detection rule tuning, false positive suppression, log source onboarding, and health monitoring.
    • Independently write detection rules covering GPU cloud attack vectors — cryptomining process signatures, anomalous GPU utilization patterns, unauthorized NCCL communications, Kubernetes API anomalous calls, SSH key injection anomalies, and more.
    • Operate HIDS and eBPF runtime security tools (Tetragon / Falco) — agent deployment coverage, alert policy maintenance, and false positive management.
    • Participate in detection-as-code practices — Git version-controlled detection rules, CI/CD pipelines, and unit testing.
    • Participate in regular threat hunting activities based on MITRE ATT&CK Cloud Matrix, identifying and closing detection blind spots.
  • Host & Infrastructure Security Hardening
    • Execute host hardening on AIDC servers — Linux CIS Benchmark baseline configuration, auditd standardization, SSH hardening, and privileged account cleanup.
    • Track CVEs for NVIDIA GPU drivers, CUDA, NCCL, UFM, BMC firmware, and related components. Partner with the platform engineering team on vulnerability assessments and patch deployments.
    • Participate in KVM/QEMU virtualization security baseline maintenance and escape detection rule updates.
    • Support IAM and privileged access management daily operations — jump host user management, JIT access approval, privileged session audit review.
    • Execute periodic asset scanning and vulnerability management. Produce scan reports, drive remediation, and track SLA compliance rates.
  • Network Security Operations
    • Participate in firewall rule maintenance, IPS/WAF policy tuning, and security change approvals for Asian AIDCs.
    • Perform network traffic analysis using NetFlow / IPFIX to identify anomalous outbound traffic, data exfiltration behavior, and C2 communication signatures.
    • Maintain IB/RoCE network security monitoring — P-Key configuration audits, unauthorized device connection detection, and UFM security log alerting rules.
    • Participate in DDoS response plan maintenance and drills.
  • Security Tooling & Automation
    • Develop and maintain security automation scripts and tools — alert aggregation and deduplication, automated forensic artifact collection, bulk IOC checks, log parsing, and anomaly tagging.
    • Participate in testing, deployment, and feedback for in-house security products (HIDS / CSPM / LLMAF), driving product improvement.
    • Write security operations documentation and maintain the SOC knowledge base.
  • Cross-Time-Zone Coordination & Compliance Support
    • Establish daily handoff mechanisms with Americas security teammates, ensuring continuous global security event handover.
    • Support the GRC Manager with SOC 2 and ISO 27001 evidence collection — log monitoring evidence, access control audit records, vulnerability management reports, IR drill records, and more.
    • Participate in Asia time zone customer security incident response and remediation.

  • A culture that values authenticity and diversity of thoughts and backgrounds;
  • An inclusive and respectable environment with open workspaces and exciting start-up spirit;
  • Fast-growing company with the chance to network with industrial pioneers and enthusiasts;
  • Ability to contribute directly and make an impact on the future of the digital asset industry;
  • Involvement in new projects, developing processes/systems;
  • Personal accountability, autonomy, fast growth, and learning opportunities;
  • Attractive welfare benefits and developmental opportunities such as training and mentoring.

--------------------------------------------------------------------

Bitdeer is committed to providing equal employment opportunities in accordance with country, state, and local laws. Bitdeer does not discriminate against employees or applicants based on conditions such as race, colour, gender identity and/or expression, sexual orientation, marital and/or parental status, religion, political opinion, nationality, ethnic background or social origin, social status, disability, age, indigenous status, and union.


Requirements

  • Bachelor's degree or higher in Computer Science, Cybersecurity, Computer Engineering, or related field.
  • 5+ years of hands-on information security experience, with at least 3 years focused on cloud infrastructure / IaaS / data center security operations.
  • Independent incident response capability, having handled multiple security incidents as L2/L3 analyst or IR team member (including intrusion detection, malware analysis, forensics, etc.).
  • Strong Linux system administration and hardening skills — able to independently complete CIS Benchmark baseline configuration, auditd setup, iptables/nftables rule creation, and system log analysis.
  • Hands-on experience with at least one mainstream SIEM platform (Wazuh / Splunk / Elastic SIEM) and able to independently write detection rules and tune alerts.
  • Familiar with container (Docker) and Kubernetes security fundamentals — understand Pod security policies, RBAC, network policies, and image security scanning.
  • Strong scripting skills — Python (required) + Shell (required). Able to independently develop security automation tools.
  • Solid network security fundamentals — TCP/IP, firewalls, IPS/IDS, VPN, traffic analysis (tcpdump / Wireshark).
  • Familiar with MITRE ATT&CK Framework and able to apply it in daily detection and response work.
  • Professional fluency in both English and Mandarin Chinese — able to read English security documentation, write incident reports and detection rule comments in English, and communicate in Mandarin with the team and management for daily technical discussions. This is a hard requirement.
  • Willing to accept irregular working hours — must participate in on-call during major incidents and conduct cross-time-zone handoff with Americas colleagues.

Nice to Have

  • Background in security operations at GPU cloud providers, supercomputing centers, HPC businesses, or AIDC operators. Understanding of NVIDIA GPU clusters, InfiniBand networking, BMC out-of-band management.
  • Hands-on experience with the eBPF technology stack (Tetragon / Falco / Cilium / BCC).
  • KVM/QEMU virtualization security experience, understanding of VM escape attack surfaces and defenses.
  • Prior experience in SecOps / SOC teams at major cloud providers (AWS / GCP / Azure) or large internet companies.
  • Detection-as-code experience — version-controlled detection rules, CI/CD, SIGMA rule format.
  • Large-scale HIDS deployment and operations experience (Wazuh / Elkeid / OSSEC, 1000+ nodes).
  • Threat hunting experience, able to independently design and execute hypothesis-driven hunting campaigns.
  • Participation in bug bounties, CTF competitions, or open source security project contributions.

Location & Eligibility

Where is the job: Singapore, Singapore (on-site at the office)
Who can apply: Open to applicants worldwide

Listing Details

First seen: May 21, 2026
Last seen: May 21, 2026


Bitdeer Technologies Group (NASDAQ: BTDR) is a world-leading technology company for Bitcoin mining and AI cloud computing. Headquartered in Singapore, Bitdeer provides comprehensive Bitcoin mining solutions including equipment procurement, infrastructure management, and high-performance computing services.

Employees: 240
Founded: 2018