Security Engineer

Job Description

About Us:

MatchMove is a leading embedded finance platform that empowers businesses to embed financial services into their applications. We provide innovative solutions across payments, banking-as-a-service, and spend/send management, enabling our clients to drive growth and enhance customer experiences.

Are You The One

As a Security Engineer, you will be the guardian and enabler of secure engineering practices across our entire technology footprint. You'll drive the shift-left security philosophy, embedding security early in the development lifecycle while ensuring our payment platform remains resilient against evolving threats. You'll work closely with our Go and PHP engineering teams to build security into our DNA, not bolt it on as an afterthought.

You Will Contribute To

- Establishing and driving a comprehensive shift-left security charter across all engineering teams and cloud infrastructure
- Maintain , upgrade and enhance automated security testing pipelines that integrate seamlessly with our CI/CD workflows
- Conducting thorough network security assessments for our cloud-native payment infrastructure
- Shift left SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing)practices for our Go microservices and legacy PHP systems
- Creating security guardrails that empower developers to build secure-by-default services
- Protecting billions in financial flows through proactive threat modeling and security architecture reviews
- Enabling compliance with PCI-DSS, ISO 27001, and regional financial regulations through security controls

Responsibilities

- Network Security Testing & Assessment

- Conduct regular penetration testing and vulnerability assessments across our cloud infrastructure
- Perform network segmentation reviews and validate zero-trust architecture implementations
- Assess API gateway configurations, WAF rules, and DDoS protection mechanisms
- Validate mTLS implementations and certificate management across microservices

- Code Security & Review Practices

- Implement and maintain SAST tools integrated with our Go and PHP development pipelines
- Conduct dynamic security testing (DAST) on running services and APIs
- Perform manual security code reviews for critical payment processing components
- Develop custom security linters and static analysis rules specific to our tech stack
- Champion secure coding practices through documentation, training, and tooling

- Shift-Left Security Leadership

- Drive security requirements gathering during design phase of new features
- Implement security gates in CI/CD pipelines without impacting developer velocity
- Create developer-friendly security tools and libraries (e.g., encryption helpers, secure defaults)
- Build threat modeling into sprint planning and architecture reviews
- Establish security champions program across engineering teams

- Infrastructure & Cloud Security

- Secure our Kubernetes clusters, container registries, and service mesh configurations
- Implement cloud security posture management (CSPM) across AWS/GCP/Azure
- Design and validate secrets management, key rotation, and HSM integration
- Monitor and respond to security events through SIEM and automated alerting

- Compliance & Governance

- Ensure security controls meet PCI-DSS Level 1 requirements for payment processing
- Support security audits and certification processes
- Maintain security runbooks and incident response procedures
- Document security architecture decisions and risk assessments

Requirements

- 5+ years of hands-on security engineering experience in production environments
- Deep expertise in application security testing (SAST, DAST, IAST) with tools like:

- SonarQube, Checkmarx, Veracode, or Semgrep for static analysis
- OWASP ZAP, Burp Suite, or similar for dynamic testing
- Go-specific tools like gosec, nancy, and staticcheck

- Proven experience in network security assessment including:

- Network penetration testing and vulnerability scanning
- TCP/IP, TLS/SSL, and cryptographic protocol analysis
- Cloud networking security (VPC, security groups, NACLs)

- Strong understanding of secure SDLC and DevSecOps practices
- Hands-on experience with container security (Docker, Kubernetes security policies, admission controllers)
- Proficiency in at least one programming language (Go, Python, or PHP preferred)
- Experience with cloud security in AWS, GCP, or Azure environments
- Knowledge of OWASP Top 10, CWE, and secure coding standards
- Understanding of financial services security requirements and compliance frameworks

Technical Skills

- Security Testing Tools: Burp Suite, OWASP ZAP, Metasploit, Nmap, Wireshark
- SAST/DAST Platforms: SonarQube, Checkmarx, Veracode, Snyk, GitLab Security
- Cloud Security: AWS Security Hub, GuardDuty, Cloud Trail, IAM, KMS
- Container Security: Falco, Twistlock, Aqua Security, OPA (Open Policy Agent)
- Scripting: Python, Go, Bash for security automation
- Monitoring: ELK Stack, New relic, Wazuh, Prometheus/Grafana for security metrics
- IaC Security: Terraform security scanning, CloudFormation validation

Brownie Points

- Security certifications (OSCP, CISSP, CEH, AWS Security Specialty)
- Experience with payment card industry security and PCI-DSS implementation
- Contributions to security tools or vulnerability research
- Experience with Go security tooling and secure Go development practices
- Background in financial services or payment processing security
- Experience implementing zero-trust architectures
- Knowledge of GenAI security implications and LLM attack vectors
- Track record of building security culture in fast-moving engineering organizations

MatchMove Culture:

- We cultivate a dynamic and innovative culture that fuels growth, creativity, and collaboration. Our fast-paced fintech environment thrives on adaptability, agility, and open communication.
- We focus on employee development, supporting continuous learning and growth through training programs, learning on the job and mentorship.
- We encourage speaking up, sharing ideas, and taking ownership. Embracing diversity, our team spans across Asia, fostering a rich exchange of perspectives and experiences.

Personal Data Protection Act:

By submitting your application for this job, you are authorizing MatchMove to:

- collect and use your personal data, and to disclose such data to any third party with whom MatchMove or any of its related corporation has service arrangements, in each case for all purposes in connection with your job application, and employment with MatchMove; and
- retain your personal data for one year for consideration of future job opportunities (where applicable).