Security Development Engineer

SUMMARY OF RESPONSIBILITIES

• Part of the Security Engineering team, responsible for co-developing solutions and automation workflows to improve the overall security posture of PayNet.
• Serve as a change agent in automation initiatives, building pipelines to enhance operational efficiency.
• Ensure that sound security controls are in place, commensurate with business operations and the risks posed.

KEY AREAS OF RESPONSIBILITIES

• Serves as a member of the technical committee and as a point of reference for the team in the following areas:
• Development and Operations, with a strong emphasis on Python as the primary requirement, specializing in:
  • Automated solutioning to support both strategic and tactical plans, including operations and engineering (Python is essential; familiarity with Ansible, Terraform, Robot Framework, and Playwright is advantageous).
  • Ownership of assigned projects and tasks, including engineering, testing (such as code analysis/SAST for vulnerabilities, code smells, etc.), and release activities, by building custom integrations and tooling within the existing CI/CD pipeline; practices GitOps (GitLab, Docker, Kubernetes, Helm, ArgoCD).
  • Designing, developing, and maintaining internal systems, including the internal asset inventory system and the vulnerability management system, to improve automation, visibility, accuracy, and security operations.
• Monitoring & Observability: Deploying, integrating, and managing monitoring/observability metrics using open-source solutions (Telegraf, InfluxDB, Prometheus, Grafana) for application performance, utilization, and health monitoring.
• Process & Quality Improvement: Developing and enhancing existing processes, automation, best practices, and documentation.
• Asset & Capacity Management: Performing operational and strategic management of hardware and software assets, including solutioning and capacity planning, to improve the overall security posture of PayNet.
• Asset Inventory Integrity: Ensuring the effectiveness and accuracy of the integrated asset inventory, with timely updates.
• API Development: Being well-versed in API gateway development and RESTful APIs for integration with other systems, and adopting an API-first approach.
• Cross-Department Collaboration: Managing communication and collaborative efforts across departments/divisions throughout the lifecycle of hardware and software models.
• Cyber Resilience Support: Serving as a supporting member of the Cyber Resilience initiative, primarily driven by BNM's RMiT requirements and organizational/business needs.
• Security Awareness: Staying abreast of industry security practices relevant to technologies adopted by PayNet.
• Special Projects: Participating in special project teams (based on core capabilities) related to information security, as needed, to respond to ad-hoc or unexpected security events, or as required by business and technological developments.
• Source Code Review: Performing source code reviews using code-scanning tools; reviewing and validating scan results; and preparing reports with recommended remediations and areas for improvement.

QUALIFICATIONS

Technical Qualifications

• • Bachelor’s degree in Computer Science, Information Systems Technology, or Software Engineering.
  • Experience across Development and Operations, including tooling and platforms such as Kubernetes, Terraform, Ansible, Prometheus, Telegraf, InfluxDB, Grafana, GitLab or Jenkins.
  • 1–3 years of relevant experience in Information Technology, with proven technical capabilities in Software Development, IT Operations, Service Management, and/or Data Centre Management.
  • Relevant work experience in the Financial Services and/or Technology sectors is an added advantage.
  • Excellent command of both English and Bahasa Malaysia.

Additional Requirements

• Strategic in planning and organizing, with effective interpersonal and project management skills.
• An added advantage if in possession of relevant industry-recognized certifications such as Python, Linux, Kubernetes, or information security certifications (e.g., CISSP, CEH).