Platform / DevSecOps Engineer
We're hiring a Platform / DevSecOps Engineer to strengthen the infrastructure and security operations behind Peripamo. You'll work closely with the CTO/CISO on the systems that keep our platform running and our enterprise clients confident in us.
We're actively preparing for ISO 27001 — not certified yet — and you'll be central to that effort.
A Malaysia-based risk analytics SaaS startup.
We provide quantitative risk solutions and consulting services to financial institutions, including banks, asset managers, and insurance companies.
Our platform focuses on building industrial-grade quantitative risk engines across market risk, credit risk, liquidity risk, and climate risk, while actively integrating AI and machine learning into risk workflows. In addition to software delivery, we work closely with clients on model design, validation, stress testing, and regulatory-aligned analytics.
As a startup, we work as a small, tight-knit team. This is not an ordinary job. Every team member plays a meaningful role in shaping the product, supporting clients, and growing the company.
Three pillars. End-to-end ownership.
Infrastructure & Reliability
- Operate and harden our cloud platform across compute, storage, networking, and managed services.
- Own CI/CD pipelines, infrastructure-as-code, monitoring, logging, and alerting.
- Manage backups, restore procedures, and database operations.
- Be the primary on-call for production. Drive incident response, root-cause analysis, and post-mortems.
Security Operations
- Day-to-day owner of endpoint protection across our Linux and Mac fleet.
- Run vulnerability management, patch cycles, and configuration hardening.
- Manage secrets, access controls, and identity across our cloud and SaaS stack.
- Lead security questionnaire responses and vendor due diligence requests from enterprise clients.
- Drive our ISO 27001 readiness — controls, documentation, evidence, and audit prep.
Business Continuity & Disaster Recovery
- Design, document, and run regular BCP and DR exercises.
- Own runbooks, RTO/RPO targets, and recovery procedures.
- Build the operational resilience story we present to enterprise clients.
Must-haves & nice-to-haves.
Must-Haves
- 3+ years operating production infrastructure on a major cloud (GCP, AWS, or Azure).
- Strong Linux fundamentals — comfortable on the terminal and in shell scripts.
- Hands-on experience with infrastructure-as-code, CI/CD, and containerization.
- Comfortable owning incident response end-to-end, including writing post-mortems.
- Experience managing secrets, identity, and access at scale.
- Solid relational database operational knowledge — backups, restores, performance basics.
Nice-to-Haves
- Has helped take an organisation through an ISO 27001 audit cycle, ideally as a primary contributor (similar audit-framework experience also relevant).
- Clear, written communication — comfortable writing for enterprise client audiences.
- Prior experience in fintech, banking, or another regulated industry.
- Hands-on experience responding to enterprise vendor security questionnaires.
- BCP/DR exercise experience in a regulated environment.
- Certifications: CISSP, CCSP, cloud security specialty, or equivalent.
- Experience with EDR and MDM tooling.
Practical security and resilience work at fintech scale.
- Real ownership: Your decisions shape how Peripamo runs for years.
- High-leverage work, no busywork: Small team, short paths from problem to fix.
- Compounding skills: Lead an ISO 27001 readiness program end-to-end, run enterprise vendor diligence, and own operational resilience at a fintech.
- Competitive compensation: Including base salary and performance bonus.
Sound like you? Let's talk.
Send your CV and a few lines on what drew you to the role. We read every application.