Cyber Security Engineer

5-10 Years
  • Posted 17 hours ago

Job Description

About Us

MetaComp Pte Ltd is a leading Singapore-based digital payment solution provider, licensed and regulated by the Monetary Authority of Singapore (MAS) as a Major Payment Institution, to provide Digital Payment Token Services and Cross-border Payment Transfers. Operating under a P2B2C (platform-to-business, partners-to-clients) model, MetaComp provides its clients with an integrated end-to-end suite of services, empowering them to confidently enter the digital asset market with much-needed safety, security, and compliance assurance. Together with its parent company, Metaverse Green Exchange Pte. Ltd. (a MAS-licensed CMS holder permitted to carry out, inter alia, brokerage and custody services), MetaComp introduces its suite of services through CAMP (Client Assets Management Platform), which allows businesses to develop and scale their digital asset offerings through various products and/or services such as over-the-counter transactions, fiat payments, digital asset custody and prime brokerage.

Role Overview

We are seeking a hands-on Security Engineer to strengthen our security posture across identity, endpoint/mobile baselining, application security (DevSecOps), detection & response engineering, and tech risk compliance readiness. This candidate will partner with Engineering, Infrastructure, and Technology Operations to reduce risk, close telemetry gaps, automate response, and embed security controls into platforms and delivery pipelines.

This role requires an engineer who can build guardrails, pipelines, and controls; measure coverage, detection maturity, and response time; and participate in security incident support, purple-team exercises, and audit/forensics evidencing.

Key Responsibilities

Social Engineering & Identity Risk Mitigation

  • Design and implement controls to reduce social engineering risk (phishing, MFA fatigue, helpdesk impersonation, BEC patterns).
  • Lead and enhance Enterprise SSO integrations (SAML/OIDC) across business-critical applications.
  • Roll out and optimize MFA strategies (phishing-resistant methods where possible), conditional access, and identity risk-based policies.
  • Partner with IT and HR to deliver security awareness enablement that drives measurable behavioral change (e.g., reduced click rates, improved reporting).
  • KPIs include reduced account takeover risk, consistent SSO/MFA coverage, measurable phishing resilience.

MDM Security Baselining & Endpoint/Mobile Hardening

  • Define and enforce security baselines for MDM (Linux/iOS/Android/Windows/macOS) including encryption, jailbreak/root detection, OS patch requirements, device compliance, and secure app configurations.
  • Partner with IT EUC teams to implement guardrails (e.g., device posture checks for SSO access, conditional access based on compliance).
  • Build configuration compliance reporting and remediate drift at scale.
  • KPIs include baseline compliance, reduced configuration drift, improved endpoint/mobile assurance.

Strengthen Application Security Posture (DevSecOps)

  • Embed security controls into CI/CD for: SAST (static analysis), DAST (dynamic analysis), SCA (open-source dependency risk), IaC security (Terraform/CloudFormation/etc.), and policy-as-code (guardrails for cloud and CI/CD).
  • Define secure SDLC requirements (threat modeling, security gates, risk-based exceptions, remediation SLAs).
  • Establish and maintain secure coding standards and deliver developer enablement/training.
  • Partner with engineering leaders to prioritize and reduce vulnerability backlog and prevent regression.
  • KPIs include improved coverage of automated security testing, reduced critical vulnerabilities in production, faster remediation SLAs.

Centralized Secrets Management (Eliminate Hard-Coded Credentials)

  • Implement and govern centralized secrets management (e.g., Vault, cloud-native secret managers), including: no hard-coded credentials in code/repos/build logs; secret rotation and lifecycle policies; least-privilege access and audit logging.
  • Build detection/prevention for secret leakage (pre-commit scanning, CI checks, repository scanning).
  • Drive adoption with engineering teams via patterns, templates, and paved-road tooling.
  • KPIs include reduced secret exposure, consistent rotation policies, measurable reduction in credential leakage.

Detection Engineering, MITRE ATT&CK Alignment, and Threat Hunting

  • Develop and tune detections aligned to MITRE ATT&CK techniques relevant to our environment.
  • Support proactive threat hunting and improve detection efficacy using ATT&CK-driven hypotheses.
  • Close telemetry gaps between SOC defend visibility and hunt requirements (endpoint, identity, cloud, application logs, CI/CD telemetry).
  • Define detection coverage metrics (e.g., ATT&CK technique coverage, alert quality, false positive rate).
  • KPIs include improved detection coverage, lower false positives, reduced blind spots.

Purple Teaming & Adversary Emulation

  • Participate in and/or lead purple-team exercises with SOC/MDR, engineering, and red-team/pen-test partners.
  • Translate findings into actionable engineering work: detection content, logging improvements, control hardening, and automated response.
  • Validate security controls continuously (vs. annually) using realistic scenarios.
  • KPIs include validated controls, faster closure of findings, better readiness against real attacker paths.

Security Automation & Response Engineering

  • Build automated runbooks and orchestration (SOAR, scripting, playbooks) to improve mean time-to-detect (MTTD) and time-to-recover (MTTR) and to standardize triage, enrichment, containment, and recovery.
  • Reduce manual toil through automation and high-fidelity alert enrichment.
  • Contribute to security incident response by improving tooling, logging, and repeatable playbooks.
  • KPIs include improved operational KPIs (TTD/TTR), scalable response workflows, reduced analyst toil.

Configuration Controls: TRM, CIS Benchmarks & Platform Guardrails

  • Embed MAS Technology Risk Management (TRM) and other regulatory requirements into platform engineering and implementation patterns.
  • Implement and maintain configuration controls mapped to CIS Benchmarks (OS, cloud services, containers/Kubernetes where applicable).
  • Create compliance-as-code patterns and continuous configuration monitoring for drift and exceptions.
  • KPIs include consistent configuration posture, audit-ready evidence, fewer critical misconfigurations.

Compliance Enablement (Preferred): SOC 2 & PCI-DSS

  • Support SOC 2 Type I/II readiness and ongoing operations: evidence collection automation, control testing support, and remediation tracking.
  • Support PCI-DSS requirements where applicable (segmentation, secure configurations, logging/monitoring, vulnerability management).
  • Partner with GRC and system owners to ensure controls are implemented pragmatically and sustainably.
  • KPIs include: audit readiness, reduced last-minute evidence scrambles, fewer repeat findings.

Required Qualifications

  • 5-10 years in Security Engineering, DevSecOps, Application Security, Detection Engineering, or adjacent security roles.
  • Strong experience with SSO (SAML/OIDC), MFA, identity policy design, and integrating enterprise apps.
  • Demonstrated delivery of DevSecOps security controls (SAST/DAST/SCA/IaC/policy-as-code) in CI/CD.
  • Experience implementing or operating secrets management and preventing credential leakage.
  • Practical knowledge of MITRE ATT&CK and translating it into detections/hunts.
  • Ability to build or improve security automation/runbooks (SOAR, scripting, APIs).
  • Familiarity with CIS Benchmarks and applying configuration baselines across platforms.
  • Strong collaboration and communication skills; able to influence engineering roadmaps and drive adoption.

Preferred Qualifications

  • Experience supporting SOC 2 and/or PCI-DSS certification efforts.
  • Cloud security experience (AWS/OCI/GCP), including cloud-native logging and controls.
  • Experience with EDR/SIEM and detection engineering at scale (CrowdStrike, etc.).
  • Experience with container/Kubernetes security and pipeline guardrails.
  • Security-related certifications (nice-to-have): CISSP, CCSP, GIAC, OSCP, cloud security speciality certs.

What a successful candidate will look like

  • Builder mindset with strong operational awareness.
  • Comfortable operating across Security, Engineering, and IT.
  • Ownership, bias for automation, measurable outcomes, and scalable guardrails.

We are committed to creating an inclusive workplace where every individual feels respected, valued, and empowered to contribute. We celebrate diversity in all its forms (background, ethnicity, gender, identity, orientation, experience, and thought) and believe it strengthens our culture and our work. We are proud to be an equal opportunity employer and do not discriminate on the basis of race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, or any other protected characteristic.

Job ID: 145268243