System Security Engineer - Blue Team

About Fazz Financial Group Fazz Financial Group is a digital financial services group founded in 2016. It is based in Southeast Asia, and is the holding group for over 10 FinTech startups, which includes PayFazz, Xfers, Modal Rakyat, StraitsX, and others. Fazz Financial Group’s mission is to enable financial access for everyone, especially within Southeast Asia, where 70% of its population is underserved. Fazz Financial Group has headquarters in Singapore and Indonesia, with 600 staff spread across regional offices in Malaysia, Taiwan, and Vietnam. We are proud to be local and knowledgeable about the region, giving an intimate understanding of Southeast Asia’s financial needs. As a local group born and bred in Southeast Asia, companies within Fazz Financial Group are among the first Indonesian startups, and one of the many Singaporean startups to be seeded by the prestigious Y-Combinator programme. We are backed by  both global and local investors including Insignia Venture Partners, B Capital, BRI Ventures, and many others.  We know how important our mission is to improving the livelihoods of millions of people in Southeast Asia. That's why we're looking for passionate and driven people to join us to accelerate financial access for everyone. Head to our website to get to know us better: https://fazzfinancial.com/

What you'll do

• Conduct full-cycle engagements with business units independently, or as part of a team.
• Implement Detection Systems in the infrastructure to detect and prevent any incoming attack.
• Communication skillset to influence Developers and Product Managers to prioritize and execute remediation plans.
• Perform static code analysis on our codebase and library to discover and document vulnerabilities on a regular basis.
• Setup operational procedures to manage any attacks or vulnerabilities.

What we're looking for

• Minimum 2+ years in an Information Security role, preferably in blue teaming or vulnerability management.
• Experience with at least 1 interpreted or compiled languages such as Python, Go, JavaScript, Ruby, JAVA etc.
• Enjoy playing CTF game.
• Experience with cloud service providers and their offerings, preferably AWS and GCP and its various technologies and APIs.
• Experience with various testing tools, such as Kali ,Metasploit, Nmap, Nessus, Burp Suite, etc.
• Experience with SAST and DAST.
• Knowledge in OWASP Top 10 of Web/Mobile, API.
• Knowledge in DevSecOps. BS/MS Degree in any relevant major. (computer science or equivalent degree) OR a proven track record in DevSecOps such as: SOC/SIEM operation experience, Network security relevant experience (firewall, IDS, IPS), Analysis cybersecurity intelligence from logs, Build internal cybersecurity tool/utilities to help organization defense threat.
• Managing on-premise physical servers is a plus to have.
• You will need to constantly upgrade your skills and update your knowledge along with the latest developments in the world of DevSecOps.

We love reviewing all the applications we receive, but unfortunately, we may not be able to get back to everyone individually.  If we’d like to move forward with your application, we’ll definitely be in touch!
Fazz Financial Group is an equal opportunity employer. Individuals seeking employment at Fazz Financial Group will be considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, or any other characteristic protected by applicable laws.
By submitting your application, you agree that Fazz Financial Group may collect your personal data for recruiting, regional organization planning, and related purposes.