Security Engineer

Apply now »

Date: 19 Mar 2025

Location: Braddell, SG

Company: Network For Electronic Transfers (S)

The NETS Group is a leading payments services group, enabling digital payments for merchants, consumers and banks across the entire payments value chain. 
 

The Group operates Singapore’s national debit scheme enabling customers of DBS Bank/POSB, HSBC, Maybank, OCBC Bank, Standard Chartered Bank and UOB to make payments using their ATM cards or mobile devices at more than 130,000 acceptance points in the country as well as online payments.

Position Summary

The Security Engineer plays a critical role in helping to design, implement and maintain various security tools that together form a layered defence against cyber threats.

This role involves evaluating, implementing, and managing security solutions across various domains, including endpoint protection, data loss prevention (DLP), email security, network security, vulnerability scanning, encryption, key management and detection engineering. 

The ideal candidate will work closely with security operations, IT, and risk teams to deploy and optimize security tools, develop policies, and improve detection and response capabilities.

Key Responsibilities

  1. Security Tools Engineering
    1. Partner with vendors to evaluate and implement security solutions, driving projects from proof-of-concept (POC) to full deployment.
    2. Ensure security tools are well-designed, thoroughly tested, and seamlessly integrated into operations.
    3. Provide expertise in various security domains and collaborate with stakeholders to minimize the impact on other systems and users.
    4. Manage and enhance endpoint protection platforms (EPP/XDR/EDR), antivirus, and host-based intrusion detection/prevention systems (HIDS/HIPS).
    5. Administer and optimize data loss prevention (DLP) solutions to safeguard against unauthorized data exfiltration and fine tuning DLP policies/rulesets.
    6. Oversee and maintain email security solutions (Secure Email Gateways, phishing protection, ICES, DMARC, SPF, DKIM) to protect against email-based threats.
    7. Configure and manage network security controls (firewalls, IDS/IPS, NAC, VPNs, proxies, WAFs) to ensure robust perimeter security.
    8. Implement and maintain vulnerability scanning solutions to identify and address security risks.
    9. Deploy and manage SIEM, UEBA, and SOAR tools for comprehensive security monitoring and response.
    10. Manage encryption technologies and key management solutions (KMS, HSM, PKI, TLS/SSL, disk encryption, database encryption) to secure sensitive data.
  2. Security by Design
    1. Serve as a subject matter expert for security design for projects within the organisation.
    2. Conduct Threat Modelling and Evaluate existing security posture, gaps and recommend practical enhancements.
  3. Risk Management and Compliance
    1. Ensure compliance with relevant local laws, regulatory requirements and industry standards or best practice.
    2. Assist in security audits and assessments.
    3. Continuous improvement for the process.
  4. Collaboration and Communication
    1. Collaborate with cross-functional teams to integrate security principles into technology processes and solutions.
    2. Support business projects and provide security assessment and consulting service.

Requirements

  • Degree in Computer Science, Computer Engineering or Information Security related fields.
  • At least 3-5 years experience in security engineering, with deep expertise in at least one or more security domains (endpoint, network, application, database, detection engineering), and hands-on experience in security projects end-to-end and ability to perform risk assessment.
  • Hands-on experience with at least 3 or more of the following Security areas with hand-on industry tools administration:
    1. EPP/EDR/XDR
    2. Vulnerability Management
    3. Data Loss Prevention
    4. SIEM
    5. PAM
    6. IAM
    7. Email Security
    8. Next Generation Firewall
    9. DDOS protection/WAF
    10. Installation and maintenance of software appliance in vCenter
    11. Any of the below - Web Proxy, FIM, IDS/IPS, API Security, Container Scan, CI/CD Security Gates, Load Balancer Security, PAM, KSM, HSM.
  • Efficient in handling changing priorities and managing multiple tasks.
  • Adept at resolving design and functionality challenges independently with minimal guidance.
  • Able to work autonomously with minimal supervision.
  • Security certifications such CISSP, CISM, CCSP, CISA, AWS Certified Security - Specialty are highly desirable.
  • Experience in Security Engineering for Cloud workloads is an added advantage.

 

Network for Electronic Transfers (Singapore) Pte Ltd.