← Back to job listings
E
Principal Digital Security Architect
Encora · Kuala Lumpur, Malaysia
About The Role
Key Responsibilities
- API & Ecosystem Architecture
- ● The API Fortress: Architect the security layer for our API Gateway (e.g., Kong,
- Apigee, AWS Gateway). Define global policies for Rate Limiting, Throttling, and
- Authorization (preventing BOLA/IDOR attacks).
- ● Supply Chain Security: Design secure integration patterns for our 3rd party partners
- (Fintechs, Credit Bureaus, Payment Processors). Ensure their insecurities do not
- become our breaches.
- ● Microservices Mesh: Define how our internal services trust each other. Move from
- "Network Trust" to "Cryptographic Trust" using mTLS and Service-to-Service
- authentication.
- Identity & Access Management (CIAM)
- ● Identity Strategy: Own the architecture for Customer Identity (CIAM). Design flows for
- Biometric Binding, Adaptive MFA, and Step-Up Authentication for high-value
- transactions.
- ● Token Lifecycle: Define the standards for OAuth 2.0 and OpenID Connect (OIDC).
- Ensure we are using Financial-grade API (FAPI) standards for token issuance,
- revocation, and storage.
- Secure Development Lifecycle (SDLC)
- ● Threat Modeling: Lead "Whiteboard Hacking" sessions with product owners. Identify
- business logic flaws (e.g., race conditions in ledgers, bypassable KYC steps) before a
- single line of code is written.
● Paved Roads: Work with DevOps to architect secure-by-default libraries. (Example
- Create a standard "Encryption Wrapper" library that all developers must use, so they
- don't invent their own crypto).
- Data Privacy & Cryptography
- ● Data Defense: Define the architecture for Field-Level Encryption (FLE) in the
- database for PII and Banking Secrets.
- ● Privacy Engineering: Architect systems that support "Right to be Forgotten"
- (GDPR/CCPA) without breaking the immutability of the financial ledger.
Strategic Deliverables
- ● Identity Patterns: Deliver new security design patterns and components for
- authentication, authorization, SSO, MFA, and Partner security to ensure seamless and
- secure user access.
- ● Mobile & Edge: Deliver new security design patterns and components for Mobile
- security, ensuring consistency between iOS, Android, and the backend.
- ● Modern Tech Stack: Deliver API, container, cloud, and AI security design patterns to
- support the bank's move toward intelligent, cloud-native infrastructure.
What We Are Looking For
- The Background
- ● 8+ Years Experience: A mix of Software Engineering and Security Architecture.
- ● Ex-Developer: You must be able to read code (Java, Kotlin, React or Node.js, ).
- ● Banking/Fintech Experience: Strong preference for candidates who have secured
- payment gateways, ledgers, or wallets.
- The Technical Skills
- ● API Security: Deep mastery of REST and GraphQL security.
- ● Auth Protocols: You can draw the OAuth 2.0 Authorization Code Flow with PKCE
- from memory. You understand JWT signing and JWKS key rotation.
- ● Mobile Security: Understanding of how mobile apps store secrets
- (KeyStore/Keychain) and how to prevent API abuse from emulators/bots.
- The Mindset
- ● Business Aligned: You understand that a bank exists to process transactions. You
- design security that reduces risk without destroying the User Experience (UX).
- ● Pragmatic: You know when to demand a "Blocker" fix and when to accept a "Risk
- Acceptance" waiver.
This listing was posted by a verified recruiter at Encora. Report this listing
JobSpring