Tech Lead – Security Operations

Cyberjaya, Malaysia | Posted on 14/07/2025

We’re looking for a Security Tech Lead based in Cyberjaya to lead and grow our Vulnerability Management function. At Deriv, you’ll take charge of our vulnerability lifecycle, helping us reduce exposure, automate risk reporting, and improve our global security posture.

This is a hands-on technical leadership role with a strong emphasis on Qualys, vulnerability intelligence, and automated remediation workflows. You will lead the charge on turning detection into action, building metrics that matter, and mentoring our growing security operations presence.

You’ll work closely with global stakeholders in Security, Engineering, IT, Compliance and other teams, while also acting as a regional technical lead, ensuring our platforms and services stay resilient, compliant, and ahead of emerging threats.

What You’ll Do

Lead Vulnerability Management for the Region

• Own vulnerability scanning, prioritization, and remediation for Deriv’s infrastructure across cloud, endpoints, and local networks.
  
• Operate and optimize Qualys VMDR, including asset tagging, scan profiles, and dynamic dashboards tailored to business risk.
  
• Generate and present security metrics (e.g. mean time to remediate, aging reports, SLA compliance) to global leadership and local management.
  
• Drive remediation efforts with Engineering and IT teams, ensuring alignment with SLAs and regulatory expectations.
  
• Build sustainable exception handling processes and risk-based triaging using CVSS, EPSS, and CISA KEV.
  

Apply AI & Automation to Accelerate Impact

• Automate vulnerability ticketing, assignment, and tracking using integrations between Qualys, ClickUp, Slack, and internal platforms.
  
• Use AI to enrich context (exploitability, asset value, risk clustering) and streamline documentation/reporting.
  
• Build dashboards and alerts that drive visibility and accountability at both technical and executive levels.
  

Advance Security Operations in Collaboration with Global Teams

• Act as a bridge between global Security Operations and local IT and engineering teams to coordinate detection and hardening strategies.
  
• Correlate vulnerability data with SIEM, EDR, and threat intel to prioritize risks that matter most.
  
• Help refine internal processes for configuration reviews, threat modeling, and patch validation.
  

Mentor, Train, and Influence

• Serve as a technical mentor for local security analysts, helping them grow in threat analysis, vulnerability triage, and remediation planning.
  
• Participate in internal audits, and architecture reviews for new systems deployed.
  
• Lead security knowledge sharing sessions across departments and time zones.
  

What You Bring

• 8+ years of experience in cybersecurity, with a strong track record in vulnerability management and remediation leadership.
  
• Deep knowledge of Qualys or similar platforms (Tenable, Rapid7), including customization, dashboards, and reporting.
  
• Experience working with metrics, KPIs, and dashboards that influence decision-making and improve security maturity.
  
• Familiar with global compliance and regulatory requirements (e.g., ISO 27001, GDPR, DORA, PCI-DSS).
  
• Strong skills in automation (Python, Bash, API integrations) to eliminate repetitive tasks and enhance visibility.
  
• Proven experience collaborating with cross-functional teams, including IT, DevOps, and Compliance.
  
• Clear communicator with the ability to explain technical risk to both engineers and non-technical leaders.
  
• Experience in a global organization with remote teams and asynchronous communication is a plus.
  

What We Offer

• A high-ownership role in a growing Security Operations team with real influence on our security strategy globally.
  
• Opportunity to drive innovation through automation and AI in vulnerability management.
  
• A hybrid working environment in Cyberjaya with a collaborative and multicultural team.
  
• Competitive salary, flexible benefits, and long-term career growth.
  
• Access to leading security tools, technologies, and training programs.
  

At Deriv, we build online trading platforms trusted by millions. Security is central to what we do, and vulnerability management is one of our first lines of defense. As a Tech Lead in our Cyberjaya office, you’ll have the platform, tools, and team to make a real difference.

If you're passionate about automation, metrics, and building secure systems from the ground up, this is your opportunity to lead.