Overview

Zero-day exploits, ransomware, denial-of-service attacks, and phishing are only some of the security threats that global businesses face every day of every year. How do we protect ourselves against these?

At Deriv, we employ a world-class team of security engineers and analysts to keep our systems safe. Awareness, detection, and prevention are the three pillars in our fight against cybercrime.

Tools and methods we employ range from our in-house-developed detection and monitoring systems to 3rd-party systems and expertise to regular and realistic security drills and exercises that not only probe our systems and servers but also evaluate the security of our physical offices.

In addition, our Security Engineers collaborate with a crowd of external security researchers as a part of our bug bounty program and internally with our technical teams to discover and fix security issues in swift timelines.

Apply for this job if you are a top-notch security engineer who wants to have a go at securing an infrastructure where every day, tens of thousands of our clients place hundreds of thousands of financial trades that are worth hundreds of millions of dollars!

Some business background

Over the years, our business has seen tremendous growth. Currently, we have 12 offices on four continents. We manage multiple, terabyte-sized, and redundant databases and are at present growing our workforce from 750 to 1500 people, all of that backed up by a strong financial foundation.

We follow industry trends to improve our security assessments, scope, and methodologies. Our platform continuously gets tested by external researchers as a part of our bug bounty program, and internally, we have built a state-of-the-art security scanning platform called Unified Security Platform.

As a result of these developments, our Cyber Security posture has become stronger, and we are able to provide a very rewarding job with ample challenges and learning opportunities to engineers who accompany us in our journey.

What will you be doing?

​As a Security Engineer at Deriv, you and your team are responsible for all of our business continuity efforts globally. It is your sacred mission to ensure that we identify security issues before attackers do and fix them before attackers get a chance to exploit them.

The work in the Security team is primarily driven by the outcome of our — very frequent — security assessments. These assessments ensure that our platforms and systems are securely configured.

Because not all security vulnerabilities are created equal, it is essential for you to get a good understanding of our business and technical infrastructure and to bring along a healthy dose of common sense!

On an average day, you might be working on the following:

  • Work with our application developers, network engineers, or infrastructure team to ensure that security is the foundation of all the projects we embark on.
  • Perform vulnerability assessments, code reviews, and penetration tests because these are key in our mission to stop security incidents from happening in the first place.
  • Plan, train, and create awareness throughout the company because you understand that security is a serious team effort that involves the whole company.
  • Develop tools to identify the latest vulnerabilities in our IT infrastructure because our systems and business — like everything else — change over time.

On a not-so-average day, you might be leading the response and recovery activities in the event of a major incident because that’s where the rubber meets the road!

Requirements

  • A vivid imagination and a healthy dose of common sense
  • Extensive knowledge of industry-standard best practices in information security
  • Programming skills (in any language)
  • Strong communication and collaboration skills and the ability to interface with all company levels
  • Excellent spoken and written English communication skills

Skills that are good to have

  • Hands-on experience in Linux and cloud computing (AWS, GCP, and other IAAS)
  • Experience in securing web applications, mobile applications, infrastructure, etc. and supporting frameworks, e.g. OWASP Top 10.
  • Experience with implementing SDLC into large enterprise organisations
  • Familiarity with legacy and modern application architectures and related technologies (web applications, service-oriented architecture, microservices), network protocols, and storage and backup services

Benefits

  • Exciting work challenges
  • Collaborative work environment
  • Career advancement opportunities
  • Market-based salary
  • Annual performance bonus
  • Health benefits
  • Casual dress code
  • Travel and internet allowances
  • Team building events

Location: Cyberjaya, Selangor