Cyber Security Engineer

About Us MetaComp Pte Ltd is a leading Singapore-based digital payment solution provider, licensed and regulated by the Monetary Authority of Singapore (MAS) as a Major Payment Institution, to provide Digital Payment Token Services and Cross-border Payment Transfers. Operating under a P2B2C (platform-to-business, partners-to-clients) model, MetaComp provides its clients with an integrated end-to-end suite of services, empowering them to confidently enter the digital asset market with much-needed safety, security, and compliance assurance. Together with its parent company, Metaverse Green Exchange Pte. Ltd. (a MAS-licensed CMS holder permitted to carry out, inter alia, brokerage and custody services), MetaComp introduces its suite of services through CAMP (Client Assets Management Platform) which allow businesses to develop and scale their digital asset offerings through various products and/or services such as over-the-counter transactions, fiat payments, digital asset custody and prime brokerage. Role Overview We are seeking a hands-on Security Engineer to strengthen our security posture across identity, endpoint/mobile baselining, application security (DevSecOps), detection & response engineering, and tech risk compliance readiness. This candidate will partner with Engineering, Infrastructure, Technology Operations to reduce risk, close telemetry gaps, automate response, and embed security controls into platforms and delivery pipelines. This role requires an engineer who can build guardrails, pipelines, controls, measure coverage, detection maturity, response time, and participate in security incident support, purple-team exercises, audit/forensics evidencing. Key Responsibilities Social Engineering & Identity Risk Mitigation • Design and implement controls to reduce social engineering risk (phishing, MFA fatigue, helpdesk impersonation, BEC patterns). • Lead and enhance Enterprise SSO integrations (SAML/OIDC) across business-critical applications. • Roll out and optimize MFA strategies (phishing-resistant methods where possible), conditional access, and identity risk-based policies. • Partner with IT and HR to deliver security awareness enablement that drives measurable behavioral change (e.g., reduced click rates, improved reporting).KPIs include reduced account takeover risk, consistent SSO/MFA coverage, measurable phishing resilience. MDM Security Baselining & Endpoint/Mobile Hardening • Define and enforce security baselines for MDM (Linux/iOS/Android/Windows/macOS) including encryption, jailbreak/root detection, OS patch requirements, device compliance, and secure app configurations. • Partner with IT EUC teams to implement guardrails (e.g., device posture checks for SSO access, conditional access based on compliance). • Build configuration compliance reporting and remediate drift at scale. • KPIs include baseline compliance, reduced configuration drift, improved endpoint/mobile assurance. Strengthen Application Security Posture (DevSecOps) • Embed security controls into CI/CD for: SAST (static analysis), DAST (dynamic analysis), SCA (open-source dependency risk), IaC security (Terraform/CloudFormation/etc.), Policy-as-code (guardrails for cloud and CI/CD) • Define secure SDLC requirements (threat modeling, security gates, risk-based exceptions, remediation SLAs). • Establish and maintain secure coding standards and deliver developer enablement/training. • Partner with engineering leaders to prioritize and reduce vulnerability backlog and prevent regression. • KPIs include improved coverage of automated security testing, reduced critical vulnerabilities in production, faster remediation SLAs. Centralized Secrets Management (Eliminate Hard-Coded Credentials) • Implement and govern centralized secrets management (e.g., Vault, cloud-native secret managers), including: No hard-coded credentials in code/repos/build logs, Secret rotation and lifecycle policies, Least-privilege access and audit logging • Build detection/prevention for secret leakage (pre-commit scanning, CI checks, repository scanning). • Drive adoption with engineering teams via patterns, templates, and paved-road tooling. • KPIs include reduced secret exposure, consistent rotation policies, measurable reduction in credential leakage. Detection Engineering, MITRE ATT&CK Alignment, and Threat Hunting • Develop and tune detections aligned to MITRE ATT&CK techniques relevant to our environment. • Support proactive threat hunting and improve detection efficacy using ATT&CK-driven hypotheses. • Close telemetry gaps between SOC “defend” visibility and hunt requirements (endpoint, identity, cloud, application logs, CI/CD telemetry). • Define detection coverage metrics (e.g., ATT&CK technique coverage, alert quality, false positive rate). • KPIs include improved detection coverage, lower false positives, reduced blind spots. Purple Teaming & Adversary Emulation • Participate in and/or lead purple-team exercises with SOC/MDR, engin...