全职 Security Engineer 工作, 薪水, Ryt Bank Federal Territory 公司招聘中 - Ricebowl

About the Team

We're building the next generation of digital banking infrastructure that combines enterprise-grade reliability with startup agility.

Our Cyber Security team is the backbone of our technology organisation, ensuring that innovation and trust go hand in hand as we scale Malaysia's first AI-powered digital bank.

You'll collaborate with some of the sharpest minds in the industry, operating in a supportive and dynamic environment that fosters creativity, exploration, and innovation.

Your next thrilling adventure starts here. Be part of shaping the future of digital banking today!

About the Role

Security Engineers at Ryt Bank are hands-on builders of the security engineering platform — responsible for application security, cloud and network security implementation, DevSecOps pipelines, Vulnerability Management, security tooling and automation, AI security tooling, and security research. The team runs two seniority levels — Sr Security Engineer and Security Engineer — sharing the same broad engineering remit. The distinction lies in depth, independence, and breadth of ownership.

Sr Security Engineers own complex, high-impact security engineering work independently across all domains — making architectural decisions, leading tooling builds, and serving as the technical authority for the pillar. Security Engineers build strong ownership across a focused subset of these domains and expand their coverage over time, working closely with the Sr Security Engineer and Lead.

Both roles are for technically strong engineers who are passionate about building security at scale in an AI-native digital bank, where conventional security tooling meets agentic automation and LLM-powered workflows.

What You'll Do

SECURITY ARCHITECTURE & APPSEC

• Conduct threat modelling, architecture security reviews, and secure code reviews for applications, APIs, and AI systems. Sr Engineers lead and own these independently; Engineers participate under guidance of the Lead and Sr Engineer.
• Operate and improve security tooling in CI/CD pipelines — SAST, DAST, SCA, container image scanning, and secret detection. Sr Engineers own the pipeline architecture; Engineers operate and maintain it.
• Own SBOM generation and supply chain security controls. Sr Engineers lead the programme; Engineers maintain the pipeline.
• Apply OWASP LLM Top 10 to review and harden AI-native applications — coding agents, RAG pipelines, MCP-connected agents, and agentic workflows.
• Support the Security Champions programme. Sr Engineers mentor champions and produce AppSec guidance; Engineers provide squad-level tooling assistance.

CLOUD, NETWORK & IAM

• Own and operate cloud security posture management (CSPM) and CNAPP across Alibaba Cloud and AWS. Sr Engineers own the architecture and policy; Engineers monitor and remediate findings.
• Implement and maintain zero-trust microsegmentation, network security groups, cloud-native firewall rules, and Kubernetes admission control.

SECURITY TOOLING, AUTOMATION & AI SECURITY

• Build out the bank's Agentic SOC capability using n8n or equivalent orchestration. Sr Engineers lead design and implementation; Engineers contribute to build and maintenance.
• Designed and implemented security controls for AI systems, enhancing resilience against emerging threats and ensuring secure, reliable operation.

SECURITY RESEARCH

• Stay current on the security engineering landscape — new vulnerabilities, emerging attack techniques, AI security research, and tooling developments.
• Evaluate new security tooling and automation capabilities; Sr Engineers produce architecture recommendations, Engineers produce proof-of-concept implementations.
• Contribute security research findings to the Lead and Head of Cyber Security to inform the team's technical roadmap.

What We're Seeking

EXPERIENCE

• 3–5 years in security engineering roles with demonstrated hands-on coverage across AppSec, cloud security, IAM, and security automation.
• Deep familiarity with MITRE ATT&CK, OWASP LLM Top 10, and cloud security architecture across Alibaba Cloud and/or AWS.
• Proven ability to independently own and deliver complex security engineering programmes.
• Hands-on experience with AI/LLM security tooling and agentic workflow security is a strong differentiator.
• Experience in a regulated financial institution; familiarity with BNM RMIT requirements is a strong advantage.

SKILLS

• Scripting capability in Python, Bash, or Go for security tooling and pipeline automation.
• Familiarity with SIEM query languages (KQL, SPL) and detection-as-code (Sigma).
• Working knowledge of cloud security (CSPM, IAM, K8s), DevSecOps tooling, and IAM/CIAM patterns.
• Sr Engineers: architectural authority, independent delivery, ability to mentor and set technical direction.
• Engineers: collaborative and growth-oriented, proactively expanding domain coverage.

PREFERRED CERTIFICATIONS

• AWS Security Specialty or Alibaba Cloud Security; CKS (Certified Kubernetes Security Specialist).
• CompTIA Security+ or CySA+.
• Sr Engineers: CISSP or equivalent.
• Engineers: eJPT, AWS Cloud Practitioner, or CompTIA PenTest+.

What We Value

• Revolutionary in our thinking.
• Innovative in our products, services and the way we work.
• Genuine in our intentions.
• Honourable in our actions.
• Tenacious in overcoming challenge.