Security Engineer

Security (Information & Communication Technology)

Your role
As a Security Engineer at Deriv, you’ll perform penetration testing on our web applications and identify potential security issues. Your work will include developing, implementing, and integrating open-source security solutions, such as IDS and SIEM, and you will be in charge of monitoring and auditing Amazon Web Services system and service changes as well. You will also encourage security awareness throughout the organisation via regular communication on security best practices and the latest online threats.

What you’ll do
● Check our systems against the latest attacks, vulnerabilities, and mitigations.
● Identify attack vectors.
● Conduct security reviews of production infrastructure.
● Build security tools and processes for critical infrastructure monitoring, protection, and mitigation.
● Perform regular pentesting of our web applications.
● Monitor our automated security scripts and utilise them to identify threats.
● Manage our bug bounty programme.
● Join a newly formed team and collaborate in building the team from scratch.

What you have
● Experience in using AWS security tools
● Experience in white-box security testing method
● Experience with web application security and testing, security monitoring, and intrusion
detection
● Experience with fuzzing and finding edge cases in validation
● Understanding of encryption fundamentals and the OWASP Top 10
● A good understanding of attacks and mitigations such as timing, injection (e.g. form
parameter/SQL), side-channel, DoS, buffer overflows and DNS cache poisoning
● Ability to assess the security impact of bugs and API inconsistencies
● Familiarity with industry standard tools such as Burp Suite and Metasploit
● Experience in writing custom code and scripts to investigate security threats
● A clear understanding of the OSI model, TCP/IP, and other industry-standard network
defence concepts
● Knowledge of the latest industry trends and best practices in information security
● Excellent spoken and written English communication skills

What’s good to have
● Knowledge of cloud-related risks and vulnerabilities
● Familiarity with security best practices for cloud workloads
● Firm grasp of security and disaster recovery measures
● Operational experience in bug bounty programmes such as HackerOne, Bugcrowd, and
Cobalt
● OSCP, eCCPT, Security+, CISSP, or any GIAC certification

What we’ll give you
● The best workplace you can possibly imagine — a gorgeous 5-storey building including a rooftop garden, a gym, squash court, yoga room, barbecue pit, jam studio, and a lot more!
● A chance to work with top talent from across the globe (70+ nationalities)
● Ample team-building and bonding activities
● Great overseas travel opportunities
● Competitive salary and annual performance bonus
● A range of health benefits
● Casual dress code

About us
We’re Deriv. We’re all about trading. We’re the geeky upstarts who pioneered an industry. That was more than 20 years ago, and we’re still going strong. Today, we work across continents and serve over a million traders from around the globe.

Join us. Grow with us.

Our team
You’ll be part of our Information Security team, where we’re the first line of defence against hackers and security flaws that may impact our trading operations and global client base. We manage threats and potential security risks through smart strategies, airtight policies, meticulous communication, and technical execution.

Description

Your role
As a Security Engineer at Deriv, you’ll perform penetration testing on our web applications and identify potential security issues. Your work will include developing, implementing, and integrating open-source security solutions, such as IDS and SIEM, and you will be in charge of monitoring and auditing Amazon Web Services system and service changes as well. You will also encourage security awareness throughout the organisation via regular communication on security best practices and the latest online threats.

What you’ll do
● Check our systems against the latest attacks, vulnerabilities, and mitigations.
● Identify attack vectors.
● Conduct security reviews of production infrastructure.
● Build security tools and processes for critical infrastructure monitoring, protection, and mitigation.
● Perform regular pentesting of our web applications.
● Monitor our automated security scripts and utilise them to identify threats.
● Manage our bug bounty programme.
● Join a newly formed team and collaborate in building the team from scratch.

What you have
● Experience in using AWS security tools
● Experience in white-box security testing method
● Experience with web application security and testing, security monitoring, and intrusion
detection
● Experience with fuzzing and finding edge cases in validation
● Understanding of encryption fundamentals and the OWASP Top 10
● A good understanding of attacks and mitigations such as timing, injection (e.g. form
parameter/SQL), side-channel, DoS, buffer overflows and DNS cache poisoning
● Ability to assess the security impact of bugs and API inconsistencies
● Familiarity with industry standard tools such as Burp Suite and Metasploit
● Experience in writing custom code and scripts to investigate security threats
● A clear understanding of the OSI model, TCP/IP, and other industry-standard network
defence concepts
● Knowledge of the latest industry trends and best practices in information security
● Excellent spoken and written English communication skills

What’s good to have
● Knowledge of cloud-related risks and vulnerabilities
● Familiarity with security best practices for cloud workloads
● Firm grasp of security and disaster recovery measures
● Operational experience in bug bounty programmes such as HackerOne, Bugcrowd, and
Cobalt
● OSCP, eCCPT, Security+, CISSP, or any GIAC certification

What we’ll give you
● The best workplace you can possibly imagine — a gorgeous 5-storey building including a rooftop garden, a gym, squash court, yoga room, barbecue pit, jam studio, and a lot more!
● A chance to work with top talent from across the globe (70+ nationalities)
● Ample team-building and bonding activities
● Great overseas travel opportunities
● Competitive salary and annual performance bonus
● A range of health benefits
● Casual dress code

About us
We’re Deriv. We’re all about trading. We’re the geeky upstarts who pioneered an industry. That was more than 20 years ago, and we’re still going strong. Today, we work across continents and serve over a million traders from around the globe.

Join us. Grow with us.

Our team
You’ll be part of our Information Security team, where we’re the first line of defence against hackers and security flaws that may impact our trading operations and global client base. We manage threats and potential security risks through smart strategies, airtight policies, meticulous communication, and technical execution.

Location
Cyberjaya, Malaysia

.

Company information

Registration No.

200401011791650294-V

Report this job advert

This job ad has not been subjected to our hirer verification process. Proceed cautiously and do your own checks before providing any personal information.

Researching careers? Find all the information and tips you need on career advice.