Senior Cybersecurity Engineer (Cloud Security and Governance)

dtcpay is a MAS licensed payment service provider that bridges traditional finance and digital assets. We enable businesses to accept and make payments in both fiat and digital currencies, delivering secure, efficient, and seamless payment experiences across borders. As we expand globally, we are shaping the future of digital payments.

We are also recognised as one of Singapore’s Top 10 Startups in the LinkedIn Top Startups 2025 list, a reflection of our momentum and the exciting journey ahead for our team.

We are looking for a seasoned Senior Cybersecurity Engineer (Cloud Security and Governance) to secure our digital payment infrastructure and lead our cyber resilience initiatives. Reporting directly to the Head of Technology Governance, you will act as a hybrid technical lead and governance manager. You will be responsible for hands-on cloud security architecture, managing 24/7 security operations, and ensuring compliance with stringent financial regulations across Singapore, Hong Kong, Malaysia, Vietnam, and Luxembourg. This is a critical role for a professional who thrives in a high-growth Fintech environment, balancing proactive threat hunting with rigorous regulatory adherence. Depending on experience, the role may be considered at either a Senior Specialist level or a Manager level.

What You\'ll Do:

AWS Security Architecture: Design, implement, and monitor security controls within AWS. Manage AWS Security Hub, GuardDuty, Inspector, and IAM policies to ensure a hardened cloud posture.

WAF Configuration: Take ownership of Web Application Firewall (WAF) strategies. Configure and tune AWS WAF or Akamai WAF rulesets to mitigate OWASP Top 10 vulnerabilities, bot attacks, and DDoS threats.

DLP & CASB Management: Implement and manage Cloud Access Security Broker (CASB) solutions to enforce Internet usage policies and Data Loss Prevention (DLP) monitoring, ensuring sensitive financial data is protected across SaaS applications.

Incident Response & Security Operations

L1–L3 Incident Management: Lead the end-to-end incident response lifecycle. Act as the escalation point for L1/L2 triggers, handling L3 deep-dive investigations, forensics, and root cause analysis.

SOC Management: Oversee the Managed Security Operations Center (SOC) vendor. Ensure effective 24/7 monitoring, validate the quality of escalations, and refine detection playbooks to reduce false positives.

Threat Hunting & Modelling: Proactively hunt for indicators of compromise (IoCs) within the network. Develop threat models specific to payment gateways to anticipate and neutralise sophisticated attacks.

Regulatory Compliance: Ensure technology controls align with regional financial regulations and privacy laws, specifically:

MAS (Monetary Authority of Singapore) TRM Guidelines

HKMA (Hong Kong)

Vietnam Cybersecurity Law & Data Privacy regulations

BCP & DR Management: Lead the Business Continuity Planning (BCP) and Disaster Recovery (DR) programs. Coordinate regular drills to ensure operational resilience in the event of a cyber-attack or outage.

Cyber Simulations: Plan and facilitate Tabletop Exercises (TTX) involving technical teams and C-suite executives to test and improve organisational readiness.

What We\'re Looking For:

At least 5 years of experience in Cybersecurity, with specific exposure to the Fintech, Banking, or Payments sectors.

Hands-on experience with AWS Cloud Security services.

Proven expertise in configuring Akamai or AWS WAF.

Strong working knowledge of MAS TRM, BNM, and GDPR/PDPA privacy standards.

Certifications: Possession of industry-recognised certifications is highly valued:

CISSP (Certified Information Systems Security Professional)

CREST (Registered Intrusion Analyst/Tester)

CEH (Certified Ethical Hacker)

CCSP (Certified Cloud Security Professional)

CISM (Certified Information Security Manager)

Core Competencies

Ability to manage external vendors (Managed SOC) and internal stakeholders effectively.

Capable of translating complex technical threats into business risks for senior management.

Comfortable working in a fast-paced, high-growth startup environment where roles may evolve.

The role is based fully onsite, requiring your presence in the office.

Salary match Number of applicants Skills match

Your application will include the following questions:

• What\'s your expected monthly basic salary?
• Have you completed a Certified Information Systems Security Professional (CISSP) certification?
• How much notice are you required to give your current employer?
• How would you rate your Mandarin language skills?

dtcpay is a regulated payment service provider that offers reliable solutions for merchants to grow revenues with increased acceptance rates across fiat and cryptocurrency. Our client\'s customers benefit from frictionless payment experiences, whether they are using our award-winning POS+ terminal in-store or using our online checkout solution.

Founded in 2019 in Singapore, dtcpay is a licensed Major Payment Institution (MPI) under the Monetary Authority of Singapore (MAS) and offers Digital Payment Token (DPT) services. We have expanded our global footprint with subsidiaries in the Americas, Hong Kong and the Middle East.

Kuala Lumpur City Centre, Kuala Lumpur, MY

20d ago

Researching careers? Find all the information and tips you need on career advice.