Senior security engineer

Posted: July 24, 2022, 3:05 p.m. - Full Time - Cyberjaya

Zero-day exploits, ransomware, denial-of-service attacks, and phishing are only some of the security threats that global businesses face every day of every year. How do we protect ourselves against these?

At Deriv, we employ a world-class team of security engineers and analysts to keep our systems safe. Awareness, detection, and prevention are the three pillars in our fight against cybercrime.

Tools and methods we employ range from our in-house-developed detection and monitoring systems to 3rd-party systems and expertise to regular and realistic security drills and exercises that not only probe our systems and servers but also evaluate the security of our physical offices.

In addition, our Security Engineers collaborate with a crowd of external security researchers as a part of our bug bounty program and internally with our technical teams to discover and fix security issues in swift timelines.

Apply for this job if you are a top-notch security engineer who wants to have a go at securing an infrastructure where every day, tens of thousands of our clients place hundreds of thousands of financial trades that are worth hundreds of millions of dollars!

Some business background Over the years, our business has seen tremendous growth. Currently, we have 12 offices on four continents. We manage multiple, terabyte-sized, and redundant databases and are at present growing our workforce from 750 to 1500 people, all of that backed up by a strong financial foundation.

We follow industry trends to improve our security assessments, scope, and methodologies. Our platform continuously gets tested by external researchers as a part of our bug bounty program, and internally, we have built a state-of-the-art security scanning platform called Unified Security Platform.

As a result of these developments, our Cyber Security posture has become stronger, and we are able to provide a very rewarding job with ample challenges and learning opportunities to engineers who accompany us in our journey.

What will you be doing?

As a Security Engineer at Deriv, you and your team are responsible for all of our business continuity efforts globally. It is your sacred mission to ensure that we identify security issues before attackers do and fix them before attackers get a chance to exploit them.

The work in the Security team is primarily driven by the outcome of our — very frequent — security assessments. These assessments ensure that our platforms and systems are securely configured.

Because not all security vulnerabilities are created equal, it is essential for you to get a good understanding of our business and technical infrastructure and to bring along a healthy dose of common sense!

On an average day, you might be working on the following: * Work with our application developers, network engineers, or infrastructure team to ensure that security is the foundation of all the projects we embark on. * Perform vulnerability assessments, code reviews, and penetration tests because these are key in our mission to stop security incidents from happening in the first place. * Plan, train, and create awareness throughout the company because you understand that security is a serious team effort that involves the whole company. * Develop tools to identify the latest vulnerabilities in our IT infrastructure because our systems and business — like everything else — change over time.

On a not-so-average day, you might be leading the response and recovery activities in the event of a major incident because that’s where the rubber meets the road!

Requirements * A vivid imagination and a healthy dose of common sense * Extensive knowledge of industry-standard best practices in information security Programming skills (in any language) * Strong communication and collaboration skills and the ability to interface with all company levels * Excellent spoken and written English communication skills

Skills that are good to have Hands-on experience in Linux and cloud computing (AWS, GCP, and other IAAS) Experience in securing web applications, mobile applications, infrastructure, etc.and supporting frameworks, e.g. OWASP Top 10. * Experience with implementing SDLC into large enterprise organisations * Familiarity with legacy and modern application architectures and related technologies (web applications, service-oriented architecture, microservices), network protocols, and storage and backup services

Benefits * A competitive, market-based salary, performance bonus, and health benefits * A chance to work in a fast-growing company with incredible career opportunities * A MacBook or other high-end laptop of your choice to work on * For our foreign candidates: we will apply for your work permit and provide you with relocation assistance. * Lunch, fruits, beverages, team outings with fantastic colleagues, and company holidays * A chance to travel to our offices in Dubai, Paris, Malta, Limassol, Guernsey,Asunción, Dubai, Ipoh, Melaka, and Kigali

Where will you be working? You will be working out of our brand new and hyper-modern Cyberjaya office that not only has a sauna and a gym but also several climbing walls, a squash court, a rooftop bar, a BBQ pit, and an auditorium. You can watch a virtual tour of our office here.

Your colleagues in Deriv are A-players, come from all over the world, and are very much considered experts in their domains. If you thrive in an international environment, this is your chance! At last count, we had well over 50 different nationalities working in our company, from every continent except Antarctica!