IT Security Engineer
iSTOX is the first fully regulated capital markets platform in any major financial centre to feature the issuance, custody and trading of digitised securities. Combining the power of distributed ledger technology (DLT) and smart contracts with an innovative business model, iSTOX brings private capital markets into the 21st century. By allowing buyers and sellers to connect directly, iSTOX removes longstanding barriers that have prevented a far greater pool of investors from access to private market opportunity. Compared with traditional trading venues, iSTOX is a more flexible, affordable and inclusive alternative, and offers investment options that were previously inaccessible.
iSTOX is now fully regulated by the Monetary Authority of Singapore. Key investors include Singapore Exchange and Heliconia (a fully owned subsidiary of Temasek).
We are seeking an IT Security Engineer to be part of our team. This position will report to the Head of Technology and will work to ensure the IT security strategy of the company.
- Design and implement robust IT security policies, processes and tools, especially in the areas of information security, infrastructure, cyber security, cloud security, web application security, data privacy etc
- Be responsible for overall security of critical systems and services
- Provide advisory on security threats and vulnerabilities and recommend resolutions
- Incident response management reporting, support and solution implementation
- Conduct periodic security reviews, vulnerability assessments and audits
- Build and implement automated intrusion and anomaly detection systems
- Perform code reviews and verify reported security issues and bugs
- Oversee information security awareness, data privacy and related training for employees
- Work with partners to ensure compliance of security requirements in an FI environment
- Bachelor’s degree in Computer Science/Engineering or related field
- Minimally 3 years in a Security Engineering or similar role, preferably including good experience and knowledge in network security, AWS cloud security, and web application security
- Experience conducting vulnerability assessments, penetration testing (VAPT)
- Experience preventing, identifying and remediating system and software vulnerabilities
- Familiarity with common attack patterns and exploitation techniques
- Familiarity with threat modelling and risk identification techniques
- Familiarity with security technologies, practices, application/network/systems architecture and design, tests tools and processes.
- Familiarity with mainstream third-party security services, including firewall, penetration monitoring, DLP etc
- Experience with complex, large-scale distributed systems architecture a plus
- Experience with IT security requirements, standards in the financial sector a plus