Cybersecurity Engineer

Role: Security Engineer

About the Company
A MAS-regulated digital payments provider offering digital asset and cross-border payment solutions.

Operates an end-to-end platform that enables businesses to securely and compliantly enter and scale in the digital asset space, covering services such as OTC trading, fiat payments, custody, and prime brokerage.

Overview
Seeking a hands-on Security Engineer to strengthen identity security, endpoint/mobile baselining, DevSecOps, detection & response, and compliance readiness.

You’ll work closely with Engineering, Infra, and Tech Ops to reduce risk, automate security controls, and improve detection and response capabilities.

Key Responsibilities

Identity & Social Engineering Risk

• Implement controls to reduce phishing, MFA fatigue, impersonation, and BEC risks
• Manage SSO (SAML/OIDC), MFA, and conditional access policies
• Improve identity risk posture and security awareness

Endpoint & MDM Security

• Define and enforce device security baselines (Windows, macOS, iOS, Android, Linux)
• Implement compliance checks, encryption, patching, and device posture controls
• Monitor and remediate configuration drift

DevSecOps & Application Security

• Embed security into CI/CD (SAST, DAST, SCA, IaC scanning, policy-as-code)
• Define secure SDLC practices (threat modelling, security gates, SLAs)
• Reduce vulnerabilities and improve remediation timelines

Secrets Management

• Implement centralized secrets management (e.g. Vault)
• Enforce no hard-coded credentials and automate secret rotation
• Detect and prevent credential leakage

Detection Engineering & Threat Hunting

• Build detections aligned to MITRE ATT&CK
• Improve telemetry coverage across endpoint, identity, cloud, and pipelines
• Reduce false positives and close visibility gaps

Purple Teaming & Security Testing

• Participate in adversary simulations and purple team exercises
• Translate findings into improved controls, detections, and automation

Automation & Incident Response

• Develop SOAR playbooks and automated runbooks
• Improve MTTD/MTTR and reduce manual effort
• Support incident response and investigation

Compliance & Security Controls

• Implement controls aligned with MAS TRM and CIS benchmarks
• Build compliance-as-code and continuous monitoring
• Support SOC 2 / PCI-DSS readiness and audits

Requirements

• 5–10 years in Security Engineering / DevSecOps / AppSec / Detection Engineering
• Strong experience with SSO (SAML/OIDC), MFA, and identity policies
• Hands-on DevSecOps tools (SAST, DAST, SCA, IaC scanning)
• Experience with secrets management and credential security
• Familiar with MITRE ATT&CK and detection engineering
• Experience building automation (SOAR, scripting, APIs)
• Knowledge of CIS benchmarks and security baselines
• Strong stakeholder management and collaboration skills

Nice-to-Have

• SOC 2 / PCI-DSS experience
• Cloud security (AWS/GCP/OCI)
• SIEM/EDR tools (e.g. CrowdStrike)
• Kubernetes/container security
• Certifications (CISSP, CCSP, GIAC, OSCP)