Security Engineer
We're hiring a Security Engineer to build product, cloud, identity, and operational security controls for Peripamo. You'll work closely with the CTO/CISO and engineering team on systems that keep our platform reliable and our enterprise clients confident in us.
A Malaysia-based risk analytics SaaS startup.
We provide quantitative risk solutions and consulting services to financial institutions, including banks, asset managers, and insurance companies.
Our platform focuses on building industrial-grade quantitative risk engines across market risk, credit risk, liquidity risk, and climate risk, while actively integrating AI and machine learning into risk workflows. In addition to software delivery, we work closely with clients on model design, validation, stress testing, and regulatory-aligned analytics.
As a startup, we work as a small, tight-knit team. This is not an ordinary job. Every team member plays a meaningful role in shaping the product, supporting clients, and growing the company.
Practical security controls for a regulated platform.
Product & Application Security
- Implement secure patterns for authentication, authorization, API access, secrets, and data protection.
- Partner with product and engineering on threat modelling and secure design reviews.
- Build guardrails that make secure implementation easier for the rest of the team.
Cloud, Identity & Platform Controls
- Harden cloud services, IAM, CI/CD, containers, endpoints, and SaaS integrations.
- Run vulnerability management, patch cycles, baseline configuration checks, and security monitoring.
- Manage security tooling, logging, alerting, and incident response workflows.
Governance, Evidence & Client Trust
- Support ISO 27001 readiness, evidence collection, control operation, and audit prep.
- Help answer enterprise vendor security questionnaires with precise technical evidence.
- Maintain security runbooks, review checklists, and practical internal guidance.
Must-haves & nice-to-haves.
Must-Haves
- Hands-on experience in security engineering, application security, cloud security, or DevSecOps.
- Strong understanding of IAM, secrets, API security, vulnerability management, and secure SDLC.
- Comfortable on Linux and able to automate security tasks with scripts or code.
- Experience operating or improving security tooling, logging, alerting, and incident workflows.
- Ability to work directly with engineers and turn security requirements into practical controls.
- Clear written communication for internal documentation and client-facing evidence.
Nice-to-Haves
- Has helped take an organisation through an ISO 27001 audit cycle, ideally as a primary contributor.
- Experience with cloud security on GCP, AWS, or Azure.
- Prior experience in fintech, banking, or another regulated industry.
- Hands-on experience responding to enterprise vendor security questionnaires.
- Experience with EDR, MDM, SAST, DAST, dependency scanning, or CSPM tooling.
- Certifications: CISSP, CCSP, GSEC, GDSA, cloud security specialty, or equivalent.
Security engineering where the controls actually matter.
- Real ownership: Your controls shape how Peripamo builds, operates, and earns client trust.
- High-leverage work, no busywork: Small team, no bureaucracy, direct access to the people who can approve real fixes.
- Compounding skills: Work across fintech, cloud, application security, AI-native systems, and enterprise security expectations.
- Competitive compensation: Including base salary and performance bonus.
Sound like you? Let's talk.
Send your CV and a few lines on the security systems you've built or operated. We read every application.