Senior Security Engineer
About the Role
You will develop, update, and maintain organizational cybersecurity policies, standards, and procedures to meet regulatory and industry requirements. You will lead internal and third-party security audits, coordinate remediation activities, and manage compliance documentation. You will collaborate with Engineering and Product to embed security into the SDLC, conduct security architecture reviews, perform threat modeling and risk assessments, and provide technical guidance on secure configuration, vulnerability management, and access control. You will establish and enhance incident response playbooks, act as a lead responder during incidents, perform forensic and root cause analysis, and manage security monitoring alerts from SIEM and EDR platforms to prevent recurrence.
Requirements
- 3–5 years of experience in information security or cybersecurity
- Experience in financial services, fintech, or digital asset/blockchain environments preferred
- Strong understanding of security regulations and compliance requirements
- Familiarity with ISO 27001, NIST, and CIS Controls
- Understanding of Taiwan's information security regulatory landscape
- Experience with SIEM and EDR platforms
- Experience in incident response and digital forensics
- Fluent in English and Mandarin
Responsibilities
- Develop and maintain cybersecurity policies, standards, and procedures
- Ensure compliance with regulatory requirements and industry frameworks
- Lead internal security audits and regulatory assessments
- Manage third-party and supplier security audits and due diligence
- Embed security requirements throughout the SDLC
- Conduct security architecture reviews and threat modeling
- Perform risk assessments for products, features, and infrastructure changes
- Provide technical guidance on secure configuration and access control
- Manage vulnerability identification and remediation processes
- Establish and maintain incident response frameworks and playbooks
- Act as lead responder for security incidents and coordinate investigations
- Monitor and respond to security alerts (SIEM, EDR) and perform root cause analysis
