Security Engineer

About Syfe Syfe is a digital investment platform with a mission to empower people to build their wealth for a better future.  Faced with information overload and competing priorities, people with the desire to improve their wealth and financial future lack the time, patience and know-how to put their money to work. Current solutions fail to solve the friction and problems faced with growing wealth, and as a result, people are not optimising their investment and savings.  Through Syfe’s revolutionary wealth management experience, people can grow their money to its fullest potential and manage wealth in one destination. Our innovative investment tools, strategies and access to the latest insights, support users in acting for their financial future, now. We offer leading institutional methodologies and partner with global asset managers to achieve the best outcomes for one’s money. Across our markets in Singapore, Australia and Hong Kong, Syfe’s team comprises the brightest talent from leading technology and financial institutions. Currently, over 100,000 investors in Singapore alone trust Syfe to manage their money. Since its founding, Syfe has raised more than US$50 million from world-class investors. The company has won multiple awards including Wealth Management Fintech of the Year by the Asian Banking and Finance Awards 2022, as well as being recognized as one of the Top LinkedIn Startups in Singapore 2023. Find out more about us at  . Who are we: While we are a diverse set of people, we value the following core traits : Fast learning: We often require learning new tools and technologies. We believe in adopting them if they are particularly well suited for our problems, instead of limiting ourselves to what we already know. However, we are always short of time and therefore have to learn fast. Versatility: While each one of us has a core skill, we possess at least one secondary skill as well. Apart from allowing the team to be fluid, it also helps us understand how all pieces (frontend, database, network, servers, etc.) fit together. Madness about quality: Put together, individual lines of code should be robust, scalable, high-performance, fault-tolerant, and most importantly, beautiful software. We also stay up-to-date with the latest in the world of software to make ourselves better. Passion: To try out new ideas and iterate on existing product features, and love experimenting with new technology if it's right for the job. Because not only do we ride the cutting edge, we make it happen. Collaboration: We believe that engineering is a continuous process of learning and improvement and that the best way to learn is by getting help from your fellow engineers. Coding is more fun when you do it together and appreciate the feedback. Responsibilities: Vulnerability Assessment & Penetration Testing against Web applications, Mobile applications(Android+iOS ), and Infrastructure. Vulnerability management adhering to ISMS policy and regulatory compliance. Document TTP (Techniques,, Tactics and Procedures) used during a security assessment Hands-on experience with SAST, DAST, and open-source vulnerability management tools Coordinate with various technology stakeholders to discuss identified vulnerabilities and assist the engineering team in planning for risk mitigation. Active participation in planning and implementation of new security benchmarks across the organization. Understanding of CI/CD pipeline and associated technologies. Hands-on experience in DevSecOps and security automation. Experience working in collaboration with product managers and software engineering teams to improve security throughout SDLC. Experience conducting application security reviews, API design, code reviews, root cause analysis, and system architecture. Experience working with modern cloud-based microservice architectures or cloud security(AWS) In-depth understanding of AWS security eco-system including IAM, Security Groups, NACL, CloudTrail, VPC flow log, CloudConfig, Encryption, Inspector, System Manager etc. Kubernetes experience, especially Kubernetes security experience, is a huge plus. Good experience in conducting red teaming campaigns and code reviews. Good to have skills (AWS security, EDR, WAF, Security monitoring). Coordinate with the Software Development team and perform source code and architecture reviews to identify vulnerabilities. Strong communication skills and ability to communicate ideas to both technical and non-technical people. Open to working on dynamic requirements along with pre-defined responsibilities within the information security group. Desired Skills : 2-5 years of proven experience in Penetration Testing. Application threat modeling CI/CD & DevSecOps experience Cloud security assessment(AWS) Analytical and problem-solving abilities. The Syfe Advantages: Annual learning allowance for work related online courses and book Annual recreational allowance Allowance for home-office setup Latest M1 Macbook Pro + as required hardware and software Best of all, our specialty is helping people manage their money. We will help you learn how to manage your own money like a pro Medical Insurance