dtcpay is a MAS licensed payment service provider that bridges traditional finance and digital assets. We enable businesses to accept and make payments in both fiat and digital currencies, delivering secure, efficient, and seamless payment experiences across borders. As we expand globally, we are shaping the future of digital payments.
We are also recognised as one of Singapore's Top 10 Startups in the LinkedIn Top Startups 2025 list, a reflection of our momentum and the exciting journey ahead for our team.
We are looking for a seasoned Senior Cybersecurity Engineer (Cloud Security and Governance) to secure our digital payment infrastructure and lead our cyber resilience initiatives. Reporting directly to the Head of Technology Governance, you will act as a hybrid technical lead and governance manager. You will be responsible for hands-on cloud security architecture, managing 24/7 security operations, and ensuring compliance with stringent financial regulations across Singapore, Hong Kong, Malaysia, Vietnam, and Luxembourg.This is a critical role for a professional who thrives in a high-growth Fintech environment, balancing proactive threat hunting with rigorous regulatory adherence. Depending on experience, the role may be considered at either a Senior Specialist level or a Manager level.
What You'll Do:
Cloud & Infrastructure Security
- AWS Security Architecture: Design, implement, and monitor security controls within AWS. Manage AWS Security Hub, GuardDuty, Inspector, and IAM policies to ensure a hardened cloud posture.
- WAF Configuration: Take ownership of Web Application Firewall (WAF) strategies. Configure and tune AWS WAF or Akamai WAF rulesets to mitigate OWASP Top 10 vulnerabilities, bot attacks, and DDoS threats.
- DLP & CASB Management: Implement and manage Cloud Access Security Broker (CASB) solutions to enforce Internet usage policies and Data Loss Prevention (DLP) monitoring, ensuring sensitive financial data is protected across SaaS applications.
Incident Response & Security Operations
- L1L3 Incident Management: Lead the end-to-end incident response lifecycle. Act as the escalation point for L1/L2 triggers, handling L3 deep-dive investigations, forensics, and root cause analysis.
- SOC Management: Oversee the Managed Security Operations Center (SOC) vendor. Ensure effective 24/7 monitoring, validate the quality of escalations, and refine detection playbooks to reduce false positives.
- Threat Hunting & Modelling: Proactively hunt for indicators of compromise (IoCs) within the network. Develop threat models specific to payment gateways to anticipateand neutralise sophisticated attacks.
Governance, Risk & Resilience
- Regulatory Compliance: Ensure technology controls align with regional financial regulations and privacy laws, specifically: MAS (Monetary Authority of Singapore) TRM Guidelines, BNM (Bank Negara Malaysia) RMiT, HKMA (Hong Kong), CSSF (Luxembourg), Vietnam Cybersecurity Law & Data Privacy regulations
- BCP & DR Management: Lead the Business Continuity Planning (BCP) and Disaster Recovery (DR) programs. Coordinate regular drills to ensure operational resilience in the event of a cyber-attack or outage.
- Cyber Simulations: Plan and facilitate Tabletop Exercises (TTX) involving technical teams and C-suite executives to test and improve organisational readiness.
What We're Looking For:
- At least 5 years of experience in Cybersecurity, with specific exposure to the Fintech, Banking, or Payments sectors.
- Hands-on experience with AWS Cloud Security services.
- Proven expertise in configuring Akamai or AWS WAF.
- Experience deploying CASB/DLP solutions (e.g., Netskope, Zscaler, McAfee).
- Strong working knowledge of MAS TRM, BNM, and GDPR/PDPA privacy standards.
- Certifications: Possession of industry-recognised certifications is highly valued:
- CISSP (Certified Information Systems Security Professional)
- CREST (Registered Intrusion Analyst/Tester)
- CEH (Certified Ethical Hacker)
- CCSP (Certified Cloud Security Professional)
- CISM (Certified Information Security Manager)
Core Competencies
- Ability to manage external vendors (Managed SOC) and internal stakeholders effectively.
- Capable of translating complex technical threats into business risksfor senior management.
- Comfortable working in a fast-paced, high-growth startup environment whereroles may evolve.
- The role is based fully onsite, requiring your presence in the office.
