Singapore smart contract security jobs, audit firms vs in house security and what portfolio proof wins interviews

I’m a mid level smart contract security engineer evaluating Singapore smart contract security jobs, and I’m trying to decide whether to target audit firms or in house security teams without building the wrong portfolio first.

I can show security reviews and some private client work, but I’m not sure what hiring teams in web3 security roles in Singapore actually shortlist as proof. I’m also trying to sanity check hybrid expectations before I spend the next few months polishing a portfolio in one direction.

What’s confusing me is that similar job titles seem to ask for very different signals. Some roles seem to value clean audit report examples and issue communication, while others look for stronger threat modeling depth, internal security workflows, and how you think about protocol risk over time. I don’t want to overfit to one interview style and look weak for the other.

For people hiring or working in blockchain security Singapore roles, what portfolio proof tends to convert into interviews more reliably? If you have worked across both sides, what changed in how your work was evaluated?

What makes a candidate look genuinely useful versus just well prepared on paper? If someone has mostly private work, how do they present it credibly without oversharing client details?