About Us
Green Link Digital Bank is Singapore's inaugural wholesale digital bank focusing on supply chain finance, mainly serving MSMEs and aiming to help MSMEs grow and improve digitization.
About the Role
The successful candidate will be responsible for the implementation, maintenance, and optimization of the bank's security posture across on-premises and cloud environments. This role focuses on safeguarding the network perimeter and cloud infrastructure, ensuring the confidentiality, integrity, and availability of critical financial systems while adhering to stringent regulatory security standards.
Responsibilities
- Implement and maintain security architecture across both on-premises and cloud platforms, applying zero-trust principles and defense-in-depth strategies..
- Configure and manage enterprise-grade security equipment, including Next-Generation Firewalls (NGFW), Intrusion Detection/Prevention Systems (IDS/IPS), WAFs, CDN and proxy.
- Identify, analyze, and mitigate security vulnerabilities and threats within the network and cloud infrastructure through regular scanning and monitoring.
- Collaborate with network and infrastructure teams to enforce network security policies, implement network segmentation (micro-segmentation), and manage secure access controls.
- Manage cloud security configurations for VM, container and Kubernetes based workload, ensuring secure networking in virtualization layer and tiered defense.
- Deploy and operate cloud-native security services (e.g., Security Groups, VPC Peering security, Cloud firewall, routing) in accordance with industry best practices to secure north-south and east-west traffic.
- Coordinate with security vendors and Managed Security Service Providers (MSSPs) to support security monitoring (SOC), resolve incidents, and optimize security toolsets.
- Support change management and security governance processes, ensuring that infrastructure changes undergo necessary security reviews.
- Maintain secure hybrid cloud connectivity, managing encrypted tunnels for site-to-site VPNs and secure API integrations.
- Assist in ensuring security infrastructure aligns with regulatory standards such as MAS TRM, SWIFT CSP, and BCS PSP, and support technical evidence gathering for audits.
- Participate in network design discussions to propose security requirements and assess design effectiveness.
- Develop and maintain documentation for security designs, firewall rulesets, incident response playbooks, and security procedures.
Requirements
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- At least 5 years of experience in security engineering, with a strong focus on network security and cloud security in a production environment.
- Experience working in regulated financial institutions or CII is highly preferred.
- Hands-on experience using AI-assisted coding tools to write, debug, and optimize scripts for automation (e.g., Python, Bash).
- Hands-on experience with security vendors such as Palo Alto, Fortinet, Checkpoint, or Cisco.
- Solid understanding of security protocols and concepts (SSL/TLS, SSH, IPsec, OAuth2, SAML, Cryptography and Zero Trust Architecture).
- Strong knowledge of cloud security concepts (e.g., VPC security, Security Groups, IAM roles, Landing Zone, Cloud Security Posture Management - CSPM).
- Familiarity with container security (Kubernetes/Docker) and hybrid cloud security integration.
- Experience with Linux security hardening and operation is a plus.
- Strong analytical and problem-solving skills, with the ability to perform root-cause analysis on security vulnerabilities.
