About the role

Senior Security Engineer in a fintech company securing sensitive financial data and infrastructure against cyber threats. Responsible for implementing security practices and collaborating with various teams.

Responsibilities

Monitor and triage security issues discovered by security posture monitoring tools
Identify and fix vulnerabilities in web/mobile apps
Perform code reviews and plan penetration testing
Implement secure development practices (DevSecOps)
Collaborate with developers to secure new and existing features
Secure cloud deployments
Set up firewalls, proxies, IAM policies, VPCs, and network monitoring dashboards
Configure and manage encryption keys and other secrets
Ensure adherence to financial compliance standards (e.g., SOC 2, MAS, GDPR, ISO 27001)
Conduct risk assessments and audits
Support documentation and evidence gathering for audits
Monitor systems for suspicious behavior or data breaches
Set up and tune SIEM tools (like Splunk or Datadog)
Lead or support incident response (IR) and post-mortem analysis
Implement controls for data encryption, tokenization, and access control
Ensure customer financial data (e.g., KYC, investment info) is protected
Educate the team on phishing, secure coding, and access hygiene
Define and setup endpoint security policies
Help foster a “security-first” culture in a fast-moving startup

At least 8 years of work experience in software or data engineering, ideally in financial services and/or fintech industry
At least 8 years of hands-on experience in information security, cybersecurity, or cloud security roles
Advanced scripting or programming ability in Python, TypeScript, and Bash
Strong understanding of network security, encryption, authentication, and access control
Extensive experience with cloud platforms such as AWS/Azure, and preferably GCP, along with cloud-native technologies
Experience implementing zero-trust architecture, secrets management (e.g., HashiCorp Vault), and DevSecOps practices
Familiarity with container and orchestration security (Docker, Kubernetes, Istio)
Experience conducting or leading threat modeling, penetration testing, or incident response
Experience with application security practices, such as code scanning (e.g., Snyk, Checkmarx) and OWASP Top 10
Familiarity with SIEM tools, intrusion detection systems, and endpoint protection
Ability to implement and maintain identity and access management policies (SSO, MFA, RBAC)
Understanding of financial regulatory standards such as SOC 2, ISO 27001, PCI-DSS, or GDPR
Basic knowledge of risk assessment and compliance requirements in a fintech environment
Strong communication skills with ability to collaborate across engineering, product, and compliance teams
Ability to explain complex security concepts in simple terms to non-technical stakeholders
Based in Singapore, or you have plans to relocate