Security & Solution Architect
Work should be challenging.
Your work should challenge the status quo.
You should be defining the future, not being dependent on it.
You don’t like it safe, and prefer to swim in the deep end, while figuring things out.
You want to be an avant-garde.
If this resonates with you, then you’ll fit right in here at Propine.
Propine is re-inventing capital markets using blockchain technology. We’ve worked with Monetary Authority of Singapore (MAS), to become the first licensed custodian for digital assets in the world.
We are re-imagining the issuance and life cycle management of capital market products like equities, debt, structured products and funds using blockchain technology, to reduce friction and increasing value accrual for both issuers and investors.
This role requires you to have a ‘do-whatever-it-takes’ mindset and learn to operate just outside the limit of your comfort zone. If this excites you, but also makes you a bit nervous, then you might be the right fit.
Seniority: Mid-senior/Senior Level
You will partner closely with the leadership team and work directly with the CEO, CTO and Engineering Team. You will communicate and collaborate across the organization to:
Drive Secure Development And Deployment
• Design and deploy overall solution architecture to meet current and future business and product requirements
• Align technical architecture and roadmap with product design
• Work with engineering teams to clarify and enforce rigorous adherence to architecture(s) and technical standards
• Drive Software Engineering security best practices, including specifications, hands on coding, and partnering with engineering teams for delivering a secure product on deployment
• Participate in processes such as security reviews on source code to identify and assess risks to the infrastructure, services and customers; provide recommendations for risk reduction to leadership and engineering teams
• Develop our DevSecOps practices to deliver a secure and reliable production platform
Manage and Monitor Security Threats
· Develop our risk program, perform IT security risk assessments and implement ways to minimise threats
· Monitor security vulnerabilities and hacking threats in network and host systems
· Implement an effective process for monitoring and reporting of security incidents
· Develop strategies and oversee the investigation of reported security breaches
· Perform penetration and network vulnerability tests on internal infrastructure
· Recommend solutions on discovered vulnerabilities
Audits and Compliance
· Conduct internal security audits encompassing smart contracts, web applications, infrastructure and endpoints.
· Keep abreast of the trends affecting crytocurrency security
· Liaise with external auditors to enable certification audits
· Comply with cyber and tech compliance requirements as they are released from time to time by MAS
· Support Compliance and Legal with enterprise standards, processes and policies
Requirements for this role
• A degree in Computer Science, Software Engineering, Cyber Security or related fields
• Minimum 5 years of experience in software engineering
• Minimum 3 years of experience in a cybersecurity role
• Fluent and written English is a must
• Foundation level blockchain/cryptocurrency knowledge is a must
• Ability to understand business requirements and translate them into technical solutions
• Possess excellent communication, sharp analytical abilities with proven design skills, able to think critically of the current system in terms of growth and stability.
• Experience with modern web technologies and AWS stack
• Experience with cloud platform security including IAM, WAF, KMS, logging/monitoring.
• Knowledge of CI/CD practices and security challenges
• Experience across common vulnerability classes
• Experience with SAST/DAST tools
• Experience in implementing an automated security scanning solution for cloud infrastructure as code, experience using Sentinel policies for Terraform is preferred.
• Demonstrable understanding of modern architectural patterns such as containerization, microservices, API gateways etc.;
• Experience with prioritising and managing security risks
• Good knowledge of operational security best practices
• Must have experience developing security plans, processes and controls
• Experience conducting internal audits, reviewing security reports and prioritising remediation activities
• Proven ability to communicate across roles to drive security mindset across company
• Experience interfacing with external auditors
• Experience working with startups preferred