Information Security Engineer

About DCAP
At DCAP, we’re building the future of finance—one smarter, fairer decision at a time. As a 5-year-strong, Gobi Dana Impak–backed Malaysian fintech, our AI-driven Fintech platform helps banks, SMEs, fintechs reach communities that traditional finance often overlooks. We’ve already teamed up with commercial and digital bank partners to unlock SME and mobility financing for underbanked Malaysians.

We are looking for an Information Security Officer to manage day-to-day security operations, vulnerability management, and compliance readiness. This role focuses on practical security hygiene and audit support, ensuring our systems remain secure, compliant, and well‑documented as the business scales.

• Conduct internal vulnerability scans on web applications, servers, and endpoints
• Track, prioritize, and follow up on findings from VAPT and security assessments
• Coordinate remediation with developers and DevOps teams
• Maintain a vulnerability and risk register with clear ownership and timelines

• Monitor endpoint security tools (EDR / antivirus) and device compliance
• Ensure disk encryption (BitLocker / FileVault) and baseline security controls are enforced
• Review access controls, user permissions, and joiner–mover–leaver processes
• Support basic log review and security monitoring activities

• Own and maintain security evidence for SOC 2 and internal audits
• Maintain and update security policies (access control, incident response, DR, ISMS)
• Support compliance alignment with PDPA, BNM RMiT, and SC GTRM requirements
• Coordinate with external auditors and internal stakeholders during assessments
• Work with engineering teams on secure coding practices and dependency risks
• Ensure proper environment separation (development, staging, production) with DevOps team and Tech team
• Promote secure handling of credentials, secrets, and configuration based on audit requirements
• Assist in security incident response, investigation, and documentation
• Maintain incident logs, post‑incident reports, and corrective actions
• Proactively raise security risks and misconfigurations to management

• Not a penetration testing or red‑team role
• Not a 24/7 SOC analyst position
• Not advanced malware research or threat hunting

• 3 - 4 years of experience in IT, cybersecurity, system administration, or DevOps‑adjacent roles
• Working knowledge of web application security (OWASP Top 10)
• Familiarity with vulnerability scanning tools (e.g. Nessus, OpenVAS, Burp basic)
• Understanding of access control, endpoint security, and server hardening
• Comfortable with documentation, audits, and compliance processes

• Exposure to SOC 2 or ISO 27001
• Cloud security fundamentals (AWS/GCP IAM, security groups)
• Basic scripting or automation experience (Bash, Python)

• Direct exposure to real‑world fintech security and compliance
• Opportunity to build sustainable security practices, not just checklists
• Work closely with engineering and leadership on meaningful security decisions

• VCs‑Backed Startup: With the support of big and well‑known investors, we’re positioned for long‑term success.
• Work alongside experienced leaders and innovators: Who are passionate about cutting‑edge technology.
• Career Development: Be the pioneer key player in a collaborative environment.
• Make a Real Impact: Your contribution will directly shape the future of our products and the financing industry.