Information Security Engineer

FINEXUS Group

Malaysia, Kuala Lumpur

2-4 Years

Save

Posted a day ago
Be among the first 10 applicants

Early Applicant

Job Description

Why This Role Matters

At Finexus, security is fundamental to the trust our clients place in our SaaS, infrastructure, and outsourcing services for the banking and financial industry. The Information Security Engineer plays a critical role in protecting our systems, data, and platforms from evolving cyber threats. This role ensures our security posture remains strong, compliant, and aligned with regulatory and organizational risk management standards.

About the Role

You will be responsible for designing, implementing, and maintaining security controls across Finexus technology environments. Working closely with IT, Application, and business teams, you will help identify risks, monitor threats, and drive continuous improvement of our security operations. This role requires strong technical depth, attention to detail, and a proactive security mindset.

Mission / Expected Outcomes

Maintain a strong and compliant corporate security posture.
Detect, assess, and mitigate security threats effectively.
Continuously improve security systems, monitoring, and controls.
Support audits, certifications, and re-certification processes.
Strengthen organizational awareness and adherence to security policies.

Key Responsibilities

Security Operations & Monitoring

Manage and configure SIEM systems, including adding, removing, and fine-tuning monitoring and alert rules.
Identify and recommend new monitoring use cases from log files.
Manage and configure IDS/IPS, including enabling, disabling, and fine-tuning detection rules.
Conduct threat hunting, vulnerability scanning, assessment, eradication, and mitigation.
Handle corporate security threats and incidents.
Respond to alerts from SIEM and incidents reported by internal or external parties.

Vulnerability & Threat Management

Stay up to date with the latest vulnerabilities, zero-day threats, and threat intelligence.
Perform vulnerability assessments and penetration testing on devices, applications, operating systems, libraries, and software.
Use tools such as nmap, tcpdump, Wireshark, Nessus, Nikto, Wapiti, testssl, and similar.

Incident Response & Investigation

Lead and support incident response and investigation activities.
Coordinate with IT and Application teams to remediate vulnerabilities.
Ensure security best practices and corporate security policies are followed.

Security Awareness & Reporting

Conduct security awareness training initiatives.
Manage monthly phishing simulation exercises.
Support yearly PCI self-paced training programs.
Prepare and deliver monthly SOC and threat assessment reports.

Compliance, Audit & Certification

Support corporate certifications and compliance frameworks including:
PCI-DSS, PCI-3DS, PCI-PIN
ISO/IEC 27001, ISO 9001
SOC-2, BNM RMiT
Collect, prepare, and maintain audit evidence.
Support audits and due diligence exercises with internal and external stakeholders.

Continuous Improvement

Proactively pursue self-development through courses and certifications.
Sit for industry exams such as HTB CBBH, HTB CPTS (exam fees covered by the company upon passing).

Job Requirements

Education & Experience

Diploma or Bachelor's Degree in Computer Science, Software Engineering, Information Technology, or related field.
At least 2 years of experience in software development, cybersecurity, or information security.

Technical Skills

Proficiency in programming and scripting.
Strong understanding of vulnerability types and OWASP Top 10.
Familiarity with tools such as:
Network/diagnostic: ping, telnet, nmap, nslookup, dig, tcpdump, Wireshark
Security testing: Nessus, Nikto, Wapiti, testssl
Experience with SIEM, IDS/IPS, vulnerability scanning, and penetration testing is highly preferred.

Certifications (Added Advantage)