Security Engineer/Analyst

  • Job category
    Banking and Finance
  • Job level
    Senior Executive
  • Contract type
  • Location
  • Salary
    S$7000 - S$10000

Job Description

OANDA is looking for our next Security Analyst to join our growing information security team. This role will be based in Singapore, with team members in Poland and Canada. As a Security Analyst, you’ll be responsible for advancing the overall security maturity of the organization through developing and implementing our security program. You’ll form a key part of our security strategy by identifying and continually assessing our security posture against our internal security standards, industry best practices, compliance, and regulatory obligations, and the constantly evolving global threat environment.

Reporting to the CISO, you’ll collaborate with the Security Engineers and analysts on your team to address gaps and build resiliency through a layered approach to security. OANDA’s vision is to transform how our clients can meet all of their currency needs with innovative and award-winning solutions.

Primary Duties:

  • Teaching is core to scaling our security function; you’ll design and deliver education through formal (learning programs) and informal channels, including lunch and learns, training programs, design, and by having a strong presence on Slack. You will also own our security onboarding program in our Learning Management System.
  • Evaluate, select and implement off-the-shelf solutions for vulnerability assessment, risk registration, business continuity, and security automation.
  • Lead tabletop and red team exercises to help prepare our platform and our teams for potential security threats.
  • Own and execute our security incident response process. Work as part of the blue team and assist the security engineers and developers during incidents, and perform forensic analysis of logs and events where necessary.
  • Manage vendors through engagements such as third-party vulnerability assessments.
  • Manage our bug bounty program and ensure that our teams meet our SLAs for remediation based on security – if possible, you’re welcome to do hands-on development to help meet this objective.
  • Write and evaluate our security policies and standards, to ensure they are in line with modern best-practice (SANS, OWASP, NIST, etc). Perform gap analyses and internal audits to ensure we are complying with our policies and assist teams with remediation efforts where required.
  • Help scale the impact of the security team through implementing DevSecOps practices – work with the development teams to set up automation tooling as part of our secure application development process. Perform code-review to ensure security- and privacy-by-design practices are followed.
  • Security is everyone’s responsibility; help build a culture of security through continual advocacy and knowledge-sharing with your technical and non-technical colleagues.
  • Lead the security aspect of our regulatory and compliance initiatives (including GDPR); work with our compliance department to complete internal and external audits and look for opportunities to streamline these activities through automation, templating, and mapping our compliance obligations to recognized security standards.
  • Apply principles of least privilege and manage logical access controls for various systems across the organization, through implementing SSO, 2FA, onboarding and offboarding, audit, and automation.
  • Work with on-premise and cloud-native security tools, such as AWS GuardDuty, Google Cloud Armor and Security Command Center, Rapid7, etc. to ensure our continued security and compliance.
  • Make security performance metrics accessible through executive-level and granular metrics, dashboards, and ChatOps.
  • Ensure customer privacy is respected through data classification and handling in our product platform, analytics, and back-office environments.
  • Stay up to date with the latest industry best practices and security landscape through involvement in security conferences and events (RSA, DefCon, BSides, etc).

Experience & Skills:

  • Bachelor's Degree or equivalent
  • Certifications (CIPP, CISSP, CIPM, CISM, CISA, CRISC, etc) are not required, but preference may be given to candidates with certifications or equivalent experience. Successful candidates may be given the opportunity to complete certifications during their employment.
  • Preference given to those with membership in, or history of membership in security industry groups such as IAPP, (ISC)²
  • Working knowledge of security standards such as SOC2, ISO27001/ISO27002, NIST, OWASP, SANS, etc.
  • Experience with compliance and regulation in the financial industry.

Closing on 17 Dec 2021
