Senior Information Security Engineer
Gulshan, Bangladesh
Full Time
Mid Level
About PalmPay
PalmPay is a leading neobank and fintech platform scaling financial inclusion across emerging markets. With over 40 million users, we are building a digital financial ecosystem that empowers individuals and businesses through accessible, easy-to-use, and rewarding financial services.
Operating in Nigeria, Ghana, Tanzania, Bangladesh, Pakistan, and the Philippines, PalmPay has been recognized by CNBC as one of the Top 300 Global Fintech Companies and ranked #2 overall and #1 in financial services on the Financial Times’ Africa’s Fastest Growing Companies 2025 list.
Position Overview
PalmPay is seeking an experienced and proactive Senior Information Security Engineer to strengthen the organization’s cybersecurity posture by implementing enterprise security controls, managing security operations, supporting regulatory compliance, and protecting critical payment infrastructure across cloud and on-premises environments.
The successful candidate will work closely with Engineering, Infrastructure, Compliance, Risk, and Product teams to ensure the confidentiality, integrity, and availability of PalmPay’s digital financial services while maintaining compliance with Bangladesh Bank regulations and international security standards.
Key Responsibilities:
Information Security Operations
Vulnerability Management & Security Assessment
Governance, Risk & Compliance
DevSecOps & Security Engineering
Required Qualifications & Experience
Education & Certification
Experience
Skills & Competencies
Compensation & Benefits
PalmPay is a leading neobank and fintech platform scaling financial inclusion across emerging markets. With over 40 million users, we are building a digital financial ecosystem that empowers individuals and businesses through accessible, easy-to-use, and rewarding financial services.
Operating in Nigeria, Ghana, Tanzania, Bangladesh, Pakistan, and the Philippines, PalmPay has been recognized by CNBC as one of the Top 300 Global Fintech Companies and ranked #2 overall and #1 in financial services on the Financial Times’ Africa’s Fastest Growing Companies 2025 list.
Position Overview
PalmPay is seeking an experienced and proactive Senior Information Security Engineer to strengthen the organization’s cybersecurity posture by implementing enterprise security controls, managing security operations, supporting regulatory compliance, and protecting critical payment infrastructure across cloud and on-premises environments.
The successful candidate will work closely with Engineering, Infrastructure, Compliance, Risk, and Product teams to ensure the confidentiality, integrity, and availability of PalmPay’s digital financial services while maintaining compliance with Bangladesh Bank regulations and international security standards.
Key Responsibilities:
Information Security Operations
- Design, implement, and continuously improve enterprise information security controls across cloud, infrastructure, applications, databases, endpoints, and network environments.
- Monitor security events using SIEM platforms, perform threat detection, incident response, digital investigations, and root cause analysis.
- Conduct proactive threat hunting and continuously enhance the organization’s security monitoring capabilities.
- Support Security Operations Center (SOC) activities and ensure a timely response to security incidents.
- Cloud & Infrastructure Security
- Secure Cloud and Bangladesh-based private cloud environments in accordance with security best practices and regulatory requirements.
- Implement and manage cloud security services, IAM, MFA, PAM, WAF, IDS/IPS, VPN, encryption, and network segmentation.
- Perform secure configuration, hardening, and security baseline implementation for servers, operating systems, containers, Kubernetes clusters, databases, and virtual infrastructure.
- Participate in secure architecture reviews for new products, services, and technology implementations.
Vulnerability Management & Security Assessment
- Conduct vulnerability assessments, coordinate penetration testing, and oversee remediation activities.
- Perform infrastructure, application, and cloud security assessments.
- Ensure timely remediation of identified vulnerabilities through risk-based prioritization.
- Support secure configuration management, patch management, and infrastructure hardening initiatives.
Governance, Risk & Compliance
- Ensure compliance with Bangladesh Bank regulations, industry security standards, and internal security policies.
- Support regulatory reporting, compliance documentation, and security governance initiatives.
- Participate in internal audits, regulatory inspections, certification assessments, and security reviews.
- Conduct security risk assessments, vendor security reviews, and technical due diligence for new systems, products, and third-party service providers.
- Develop, review, and maintain information security policies, standards, procedures, and technical baselines.
DevSecOps & Security Engineering
- Integrate security controls throughout the Secure Software Development Lifecycle (Secure SDLC) and CI/CD pipelines.
- Implement and maintain security tools for SAST, DAST, SCA, container security, secret scanning, IaC security, and vulnerability management.
- Collaborate with engineering teams to strengthen secure coding practices, cloud security automation, and container security.
- Support security automation initiatives to improve operational efficiency and security visibility.
- Security Awareness & Stakeholder Collaboration
- Conduct information security awareness and technical security training programs across the organization.
- Provide security consultation to Engineering, Infrastructure, Product, Compliance, Risk, and Business teams.
- Support the Head of Information Security on strategic cybersecurity initiatives, regulatory projects, and security improvement programs.
Required Qualifications & Experience
Education & Certification
- Bachelor’s degree in Computer Science, Information Technology, Information Security, Cyber Security, or a related discipline.
- CISA
- AWS Certified Security – Specialty
- ISO/IEC 27001 Lead Implementer/Lead Auditor
- CEH
- CompTIA Security+
Experience
- Minimum 3+ years of professional experience in Information Security or Cyber Security.
- Prior experience in Banking, FinTech or other regulated financial institutions will be highly preferred.
- Hands-on experience securing enterprise cloud infrastructure, applications, and production environments.
- Experience supporting regulatory audits, security assessments, and compliance initiatives.
- Practical experience with security monitoring, incident response, vulnerability management, cloud security, and DevSecOps.
Skills & Competencies
- Strong knowledge of enterprise information security principles and security architecture.
- Hands-on experience with enterprise security technologies including SIEM, IAM, PAM, WAF, IDS/IPS, Endpoint Protection, Vulnerability Management, Cloud Security, DevSecOps, and Container Security.
- Experience working with Cloud and Bangladesh-based private cloud platforms.
- Good understanding of Bangladesh Bank ICT Security Guidelines, Bangladesh Bank PSP/PSO/BNPL Regulatory Requirements, PCI DSS, ISO/IEC 27001, NIST Cybersecurity Framework, CIS Benchmarks, and OWASP security standards.
- Strong analytical, troubleshooting, incident handling, and problem-solving skills.
- Excellent communication skills in English.
- High attention to detail with strong execution capability.
- Ability to work independently and manage multiple priorities in a fast-paced, highly regulated fintech environment.
Compensation & Benefits
- Competitive salary
- Festival bonuses
- Opportunity to work in a fast-growing global fintech environment
- Career development and leadership exposure
Apply for this position
Required*