Skip to content
← Back to job listings

Principal Digital Security Architect

Encora · Kuala Lumpur, Malaysia

ArchitectureLeadQuick applyfull-time10 days ago

About The Role

Key Responsibilities

  1. API & Ecosystem Architecture
  • ● The API Fortress: Architect the security layer for our API Gateway (e.g., Kong,
  • Apigee, AWS Gateway). Define global policies for Rate Limiting, Throttling, and
  • Authorization (preventing BOLA/IDOR attacks).
  • ● Supply Chain Security: Design secure integration patterns for our 3rd party partners
  • (Fintechs, Credit Bureaus, Payment Processors). Ensure their insecurities do not
  • become our breaches.
  • ● Microservices Mesh: Define how our internal services trust each other. Move from
  • "Network Trust" to "Cryptographic Trust" using mTLS and Service-to-Service
  • authentication.
  1. Identity & Access Management (CIAM)
  • ● Identity Strategy: Own the architecture for Customer Identity (CIAM). Design flows for
  • Biometric Binding, Adaptive MFA, and Step-Up Authentication for high-value
  • transactions.
  • ● Token Lifecycle: Define the standards for OAuth 2.0 and OpenID Connect (OIDC).
  • Ensure we are using Financial-grade API (FAPI) standards for token issuance,
  • revocation, and storage.
  1. Secure Development Lifecycle (SDLC)
  • ● Threat Modeling: Lead "Whiteboard Hacking" sessions with product owners. Identify
  • business logic flaws (e.g., race conditions in ledgers, bypassable KYC steps) before a
  • single line of code is written.

● Paved Roads: Work with DevOps to architect secure-by-default libraries. (Example

  • Create a standard "Encryption Wrapper" library that all developers must use, so they
  • don't invent their own crypto).
  1. Data Privacy & Cryptography
  • ● Data Defense: Define the architecture for Field-Level Encryption (FLE) in the
  • database for PII and Banking Secrets.
  • ● Privacy Engineering: Architect systems that support "Right to be Forgotten"
  • (GDPR/CCPA) without breaking the immutability of the financial ledger.

Strategic Deliverables

  • ● Identity Patterns: Deliver new security design patterns and components for
  • authentication, authorization, SSO, MFA, and Partner security to ensure seamless and
  • secure user access.
  • ● Mobile & Edge: Deliver new security design patterns and components for Mobile
  • security, ensuring consistency between iOS, Android, and the backend.
  • ● Modern Tech Stack: Deliver API, container, cloud, and AI security design patterns to
  • support the bank's move toward intelligent, cloud-native infrastructure.

What We Are Looking For

  1. The Background
  • ● 8+ Years Experience: A mix of Software Engineering and Security Architecture.
  • ● Ex-Developer: You must be able to read code (Java, Kotlin, React or Node.js, ).
  • ● Banking/Fintech Experience: Strong preference for candidates who have secured
  • payment gateways, ledgers, or wallets.
  1. The Technical Skills
  • ● API Security: Deep mastery of REST and GraphQL security.
  • ● Auth Protocols: You can draw the OAuth 2.0 Authorization Code Flow with PKCE
  • from memory. You understand JWT signing and JWKS key rotation.
  • ● Mobile Security: Understanding of how mobile apps store secrets
  • (KeyStore/Keychain) and how to prevent API abuse from emulators/bots.
  1. The Mindset
  • ● Business Aligned: You understand that a bank exists to process transactions. You
  • design security that reduces risk without destroying the User Experience (UX).
  • ● Pragmatic: You know when to demand a "Blocker" fix and when to accept a "Risk
  • Acceptance" waiver.

This listing was posted by a verified recruiter at Encora. Report this listing