We're looking for a hands-on Security Engineer / Architect to help secure our systems, data, and funds across both traditional infrastructure and Web3.
About the Role
You'll work closely with IT, Infra, R&D, Web3, Product, and business teams to design practical security controls, lead security projects end-to-end, run offensive security exercises, and support ongoing security initiatives. This is a role for someone who is comfortable going from high-level architecture to very concrete implementation details and automation.
Responsibilities
Core Security Engineering
- Design and implement security controls to protect sensitive data, financial assets, and critical systems, ensuring integrity, confidentiality, and availability.
- Evaluate, recommend, and lead the implementation of security solutions (tools, platforms, processes) in a hands-on manner.
- Own security projects from inception to rollout, working closely with IT, Infrastructure, R&D, Web3 and other business units to ensure secure and timely delivery.
- Proactively identify and assess risks and vulnerabilities, and define/enforce mitigation strategies (technical and process).
Offensive Security, Testing & Bug Bounty
- Plan and execute penetration tests and targeted assessments (applications, APIs, infrastructure, Web3 components) either directly or by coordinating external partners.
- Lead or support red teaming / adversarial simulations to test detection, response, and real-world resiliency of critical workflows and infrastructure.
- Work with engineering teams on purple teaming style exercises: jointly validating detections, hardening controls, and improving runbooks.
- Own the technical side of the bug bounty / responsible disclosure process:
  - Triage and validate incoming reports
  - Coordinate with engineering owners
  - Track remediation and communicate outcomes internally (and externally where needed)
Automation & Security Engineering
- Build and maintain security automation: scripts, playbooks, and pipelines that reduce manual toil (e.g., auto-enrichment of alerts, automated checks in CI/CD, policy-as-code).
- Integrate and tune SAST/DAST/SCA, IaC scanning, image scanning, and secrets scanning into CI/CD to catch issues early with minimal noise.
- Implement detection-as-code (e.g., for SIEM / logging platforms) and continuously refine alerts based on real incidents and red team learnings.
Policy, Operations & Collaboration
- Develop, refine, and maintain security policies, standards, and procedures, with a strong focus on data, funds, and access security.
- Contribute to day-to-day security operations and monitoring, including reviewing alerts, supporting incident response, and improving detection & response capabilities.
- Collaborate with stakeholders (IT, HR, Infra, R&D, Product, Trading, and other teams) to align security initiatives with business goals and product roadmaps.
Qualifications
- 5+ years of hands-on experience in cybersecurity, with a proven track record designing and implementing security solutions, frameworks, and policies.
- Experience with security architecture, risk assessments, and vulnerability management in complex, fast-paced environments.
- Demonstrated experience in at least one of:
  - Penetration testing / offensive security (infra, apps, APIs, or Web3), or
  - Running or working closely with red team / purple team engagements
- Experience triaging and managing security findings from scanners, pen tests, and bug bounty programs (HackerOne, Bugcrowd, self-hosted, etc.).
- Demonstrated ability to deploy and administer IAM platforms (e.g., Okta or similar) and define robust access models (RBAC, SSO, MFA).
- Competence in configuring and managing EDR and MDM solutions across a diverse device and user base.
- Hands-on experience with regulatory and compliance requirements relevant to financial institutions or crypto companies (e.g., SOC 2, ISO 27001:2022, NIST, CIS).
- Background working at Web3 / crypto companies (DeFi, trading platforms, digital asset custody/security, etc.) is highly advantageous.
- Comfort with at least one scripting / programming language (Python, Go, TypeScript, etc.) to build automations, integrations, and internal tools.
Required Skills
- Strong team player who enjoys working cross-functionally with IT, HR, Infra, R&D, Product, Trading, and business stakeholders.
- Genuinely passionate about cybersecurity, offensive and defensive: enjoys thinking like an attacker but building like an engineer.
- Experience embedding security best practices into day-to-day workflows (development, infrastructure, operations) and driving automation over manual checks.
- Ability to articulate complex security concepts in clear, practical terms to both technical and non-technical audiences.
- Values ownership, accountability, and clear communication, and is comfortable operating in a fast-changing environment with high autonomy.
Certifications
- Must-have
  - OSCP: we expect a deep, hands-on understanding of offensive techniques, not just theory.
- Nice to have
  - CISSP, CISM, or equivalent broad security leadership/architecture certifications.
  - Relevant GIAC certs (e.g., GWAPT, GCPN, GSEC, GCLD, GCIA, GIAC Cloud / Web / Exploit tracks).
  - Cloud security certifications (e.g., AWS Security Specialty, Azure Security Engineer, GCP Professional Cloud Security Engineer).
  - Kubernetes / container security or general K8s certifications (CKS, CKA, etc.).