Security engineer

Posted: Feb. 14, 2022, 2:51 a.m. - Full Time - Cyberjaya or remote

Your role

As a Security Engineer at, you’ll perform penetration testing on our web applications and identify potential security issues. Your work will include developing, implementing, and integrating open-source security solutions, such as IDS and SIEM, and you will be in charge of monitoring and auditing Amazon Web Services system and service changes as well. You will also encourage security awareness throughout the organisation via regular communication on security best practices and the latest online threats.

Your challenges

  • Check our systems against the latest attacks, vulnerabilities, and mitigations.
  • Identify attack vectors.
  • Conduct security reviews of production infrastructure.
  • Build security tools and processes for critical infrastructure monitoring, protection, and mitigation.
  • Perform regular pentesting of our web applications.
  • Monitor our automated security scripts and utilise them to identify threats.
  • Manage our bug bounty programme.

What you have**

  • Experience in using AWS security tools
  • Experience in white-box security testing method
  • Experience with web application security and testing, security monitoring, and intrusion detection
  • Experience with fuzzing and finding edge cases in validation
  • Understanding of encryption fundamentals and the OWASP Top 10
  • A good understanding of attacks and mitigations such as timing, injection (e.g. form parameter/SQL), side-channel, DoS, buffer overflows and DNS cache poisoning
  • Ability to assess the security impact of bugs and API inconsistencies
  • Familiarity with industry standard tools such as Burp Suite and Metasploit
  • Experience in writing custom code and scripts to investigate security threats
  • A clear understanding of the OSI model, TCP/IP, and other industry-standard network defence concepts
  • Knowledge of the latest industry trends and best practices in information security
  • Excellent spoken and written English communication skills

What’s good to have**

  • Knowledge of cloud-related risks and vulnerabilities
  • Familiarity with security best practices for cloud workloads
  • Firm grasp of security and disaster recovery measures
  • Operational experience in bug bounty programmes such as HackerOne, Bugcrowd, and Cobalt
  • OSCP, eCCPT, Security+, CISSP, or any GIAC certification

What we'll give you**

  • Market-based salary
  • Annual performance bonus
  • Health benefits
  • Casual dress code
  • Travel and internet allowances

About us**

We’re Deriv. We’re all about trading. We’re the geeky upstarts who pioneered an industry. That was more than 20 years ago, and we’re still going strong. Today, we work across continents and serve over two million traders from around the globe.

Join us. Grow with us

Our team

We are the Information Security team. We’re the first line of defence against hackers and security flaws that may impact our trading operations and global client base. We manage threats and potential security risks through smart strategies, airtight policies, meticulous communication, and technical execution.