Please note that we will only be able to accept candidates who have the appropriate rights and documentation for employment in Malaysia.

Who We Are.

Axi is a leading global provider of margin and deliverable Foreign Exchange, Contracts for Difference (CFDs), and Financial Spread betting. Our business has evolved into a world-class, multifaceted brokerage with offices in six regions. With heavy investment in the latest trading technology, Axi seeks to offer the most comprehensive end-to-end trading experience available, servicing traders of all levels from beginners to institutional-level clients.

Let's talk about the cool stuff you will do at Axi!

You will play a key role in keeping Axi colleagues safe in the world of Cyber. With a key focus on engineering and automation, this role focuses on implementing strategic solutions to security problems, providing a secure environment for our customers and colleagues to operation in, without large operational overheads. Ranging from DevSecOps practices implementing security controls as code to policy-based controls across our network or identity environments.

Your EDGE Assignment/You Will

• Operate as a core member of the Security team and act as a subject matter expert for Axi in partnership with Axi strategic partners.
• Keep abreast of and play a hands on, investigative role in security incidents providing essential information to key control points.
• Drive improvements in threat intelligence capabilities aligned to industry best practice.
• Research security trends and emerging technologies, identify our business and technical requirements, perform technical evaluation and support deployment of multi-regional security solutions.
• Review implementation of security controls and evaluate effectiveness, make recommendations for improvements, and execute against those recommendations.
• Play a key role in projects through design, pilot, and deployment for new security solutions across multivendor cloud environments.
• Take a leading role in specific projects aligned to key skillsets ensuring delivery to a high standard.

Are you the one?

• Strong hands-on experience securing Microsoft Azure environments
• Expertise in Microsoft Defender for Cloud (secure score, recommendations, workload protection)
• Secure configuration & hardening of Azure Storage, VMs, Key Vault, and Networking (NSG, private access)
• Solid understanding of the Azure shared responsibility model

Microsoft Defender Expertise

• Experience with Defender for Endpoint and Defender for Identity
• Alert triage, investigation, and tuning using KQL
• Practical incident response experience (containment, RCA)

Offensive Security (Must-Have)

• Hands-on web, API, and cloud security testing
• Strong knowledge of OWASP Top 10 & OWASP API Top 10
• Attacker mindset with ability to design preventive controls

Nice to Have

• Red/Purple team exposure, MITRE ATT&CK
• Scripting (PowerShell / Python)
• WAF & API security (Akamai, Azure Front Door, Cloudflare)
• ISO 27001 / SOC 2 support
• Security automation (Azure Logic Apps / Functions)

Axi's bag of delights

• Competitive and attractive compensation.
• Extensive learning opportunities, such as professional training & certifications and soft skills development.
• Health and life insurance for employees along with 2 dependents.
• Generous time off, including 20 days of annual leave per year (incremental leave up to 25 days) and paid sick leave.
• Team-building experiences and corporate parties.

Axi's interview journey

• Talent Acquisition Interview (45 minutes)
• Hiring Team Interview (45 minutes)
• Final Interview (30 minutes)

Please note that our organization works with recruitment agencies on a pre-approved basis only. A recruitment agency that wishes to submit candidate profiles or resumes for consideration must obtain prior written consent from our talent acquisition team. We do not accept unsolicited resumes from recruitment agencies, and we will not be responsible for any fees related to unsolicited resumes. Should we receive an unsolicited resume from a recruitment agency that does not have prior written consent, we will not be responsible for the payment of any fees related to the recruitment of the candidate represented in the unsolicited resume.

At Axi, we prioritize creating a workplace that upholds fairness and respect for all. We encourage every individual within our community to contribute towards a culture where everyone feels a sense of belonging and is treated with the dignity they deserve. We make all employment-related decisions—whether in hiring, compensation, training, performance reviews, or termination—based on merit and without bias, ensuring equal opportunities for everyone. We consciously work to identify and overcome any unconscious biases, with a commitment to fostering an inclusive environment where every employee and candidate feels genuinely welcomed and valued.

We are seeking a hands-on Network Security Engineer to operate and continuously improve our network security stack—primarily enterprise firewalls (Palo Alto, Fortinet, Cisco), secure web gateways/proxies, and site-to-site/remote-access VPNs. The ideal candidate is an operator-engineer hybrid with deep knowledge across L2–L7 security controls, strong troubleshooting skills, and proven experience in high-availability, low-latency environments. Experience supporting MAS TRM or BNM RMiT audits is highly preferred.

Operations & Reliability:
Own day‑to‑day operation of Palo Alto, Fortinet, and Cisco firewalls, Proxies, and VPN appliances (IPSec/SSL).
Monitor and maintain HA clusters, dynamic routing (BGP/OSPF) on firewalls, and NAT/policy objects to ensure availability and performance SLAs.
Execute change management: rule modifications, NAT adjustments, SSL decryption policies, URL categories and app‑ID signatures.
Perform break/fix troubleshooting using methodical, packet‑level analysis (pcaps, flow records, session tables, global counters).
 

Security Engineering & Hardening:
Manage segmentation (zones, VRFs, tags), east‑west and north‑south controls, and zero-trust policy baselines.
Develop and maintain standardized security templates (objects, groups, security profiles, threat/vulnerability profiles, URL filtering, DLP where applicable).
Tune IPS/IDS, Anti‑Malware, URL filtering, WildFire/ATP, DNS Security, and sandboxing controls to reduce false positives while maintaining strong coverage.
Integrate firewalls with identity (AD/LDAP, IdP, SSO), SIEM/SOAR, PKI, and EDR/XDR telemetry to enrich detections and automate response.
 

Secure Remote Access & Edge
Maintain VPN architectures (IPSec, GlobalProtect/AnyConnect/FortiClient), posture checks, MFA, split vs. full tunnel policies.
Support branch/edge (SD‑WAN) security policy application and traffic steering to on‑prem or cloud security services.
Manage proxy/SWG policies (e.g., SSL decrypt, file controls, CASB integration) and ensure compliance for web access.
Experience in Zero Trust Network Access (ZTNA) is an advantage.
 

Governance, Risk & Compliance
Maintain policy standards, rule certification/recertification cycles, and least‑privilege reviews.
Ensure controls meet regulatory and industry frameworks (e.g., ISO 27001, NIST 800‑53/CSF, SOC 2, PCI DSS, MAS TRM if applicable).
Document and execute disaster recovery and BCP plans for network security platforms.
 

Incident Response & Continuous Improvement
Act as an escalation point for network‑security incidents; participate in RCA, and corrective actions.
Build dashboards and metrics (utilization, block/allow, threat trends, latency) and drive continuous tuning.
Contribute to runbooks, knowledge base articles, and automation (e.g., Ansible, Terraform, Panorama, FortiManager, Cisco FMC APIs).

About the Role

We are seeking a skilled AWS Engineer to design, implement, and manage scalable, secure, and highly available cloud infrastructure. The ideal candidate will have strong hands-on experience with AWS services and cloud-native solutions.

Key Responsibilities

• Design, deploy, and manage cloud infrastructure on Amazon Web Services.

• Build and maintain scalable environments using services such as EC2, S3, RDS, Lambda, and VPC.

• Implement Infrastructure as Code (IaC) using tools like Terraform or CloudFormation.

• Monitor system performance and ensure high availability and reliability.

• Manage security best practices including IAM roles, policies, and network security.

• Support CI/CD pipeline integration and automation.

• Troubleshoot and resolve cloud-related issues.

• Collaborate with DevOps, development, and security teams.

• Maintain documentation for cloud architecture and processes.

Requirements

• Bachelor’s degree in Computer Science, IT, or related field.

• 3–8 years of experience in cloud engineering or AWS environments.

• Strong hands-on experience with Amazon Web Services core services (EC2, S3, RDS, VPC, IAM).

• Experience with Infrastructure as Code (Terraform or CloudFormation).

• Familiarity with Linux/Windows server administration.

• Knowledge of networking concepts (DNS, VPN, load balancing).

• Experience with monitoring tools (CloudWatch, Prometheus, Grafana).

• Strong troubleshooting and problem-solving skills.

Nice to Have

• AWS certifications (Solutions Architect, DevOps Engineer, etc.).

• Experience with containerization (Docker, Kubernetes).

• Exposure to CI/CD tools (Jenkins, GitHub Actions, GitLab CI).

• Experience with multi-cloud environments (Azure, GCP).

• Knowledge of security and compliance best practices.

Job Overview

We are looking for an experienced Infrastructure Services Engineer responsible for designing, operating, securing, and maintaining core shared infrastructure services such as DNS, DHCP, NTP, Active Directory, internal PKI/Certificate Authority, and SMTP.
This role ensures these critical services remain highly available, resilient, secure, compliant, and integrated across cloud, compute, network, storage, and security platforms.

Key Responsibilities

• Administer and maintain DNS, DHCP, NTP, internal CA/PKI, Active Directory, and SMTP systems.
• Monitor service availability, capacity, and performance, ensuring SLA compliance.
• Troubleshoot incidents, service requests, and escalations with strong problem-solving skills.
• Design and implement upgrades, patches, and enhancements for core services.
• Develop automation (PowerShell/Python) to improve efficiency and reduce errors.
• Integrate infrastructure services with cloud, hybrid environments, and security tools.
• Ensure alignment with security policies, hardening guidelines, audit requirements, and regulatory standards.
• Perform certificate lifecycle management and maintain secure configurations.
• Collaborate closely with Compute, Network, Storage, Backup, and Security teams on design and resilience improvements.
• Support infrastructure projects requiring core shared services.
• Prepare documentation including architecture diagrams, SOPs, and operational runbooks.
• Identify risks and contribute to best risk management practices.
• Stay updated on compliance trends, emerging threats, and new technologies.

Required Skills & Experience

• 6–8 years overall IT infrastructure experience (compute, storage, backup, network, cloud).
• 5+ years in resilience, high availability, failover design, and DR planning.
• 5+ years Microsoft Active Directory administration (GPO, domain controllers, auth hardening).
• 5+ years DNS & DHCP management (Microsoft DNS / Infoblox).
• 3–5 years PKI/Certificate Authority experience (cert lifecycle, CRLs, OCSP, TLS security).
• 2–3 years NTP configuration and time synchronization management.
• 3+ years SMTP/email relay infrastructure management.
• Strong knowledge of security, encryption, authentication, hardening, and compliance.
• Experience collaborating with cross-functional infrastructure teams.
• Scripting (PowerShell/Python) — advantageous/preferred.

About Encora

Encora is a global company that offers Software and Digital Engineering solutions. Our practices include Cloud Services, Product Engineering & Application Modernization, Data & Analytics, Digital Experience & Design Services, DevSecOps, Cybersecurity, Quality Engineering, AI & LLM Engineering, among others.

At Encora, we hire professionals based solely on their skills and do not discriminate based on age, disability, religion, gender, sexual orientation, socioeconomic status, or nationality

We are seeking a SecOps (Security Operations) Engineer to support daily security operations, including monitoring security systems, responding to incidents, maintaining security tools, and ensuring compliance with security policies. The role involves working closely with IT, network, and application teams to maintain a secure enterprise environment.

Key Responsibilities

Security Monitoring & Incident Response

• Monitor security alerts and logs from SIEM, EDR, and other security platforms.

• Investigate and respond to security incidents based on defined procedures and playbooks.

• Perform root cause analysis and document findings for continuous improvement.

Security Tools & Infrastructure Maintenance

• Maintain and optimize security tools including IPS, endpoint protection, DLP, CASB, PAM, and NAC.

• Ensure logging and alerting systems are functioning correctly and tuned for accuracy.

• Assist in onboarding new systems into the security monitoring environment.

Policy Compliance & Reporting

• Ensure compliance with internal security policies and regulatory requirements.

• Generate security reports covering incident trends, operational metrics, and security posture.

• Support internal and external audits by providing required documentation.

Collaboration & Support

• Work closely with IT, network, and application teams to ensure secure operations.

• Provide security guidance during system upgrades, deployments, and BAU activities.

• Participate in security awareness and training initiatives.

Continuous Improvement

• Recommend improvements to security tools, processes, and controls.

• Stay updated on emerging threats, vulnerabilities, and cybersecurity best practices.

Requirements

Education

• Bachelor’s degree in Computer Science, Information Security, IT, or related field.

Experience

• 3–5 years of experience in IT security operations or cybersecurity roles.

• Hands-on experience with SIEM tools (Microsoft Sentinel, Splunk, QRadar).

• Experience with EDR platforms, firewalls, and intrusion prevention systems (IPS).

• Exposure to DLP, CASB, and vulnerability management tools.

• Experience in enterprise or hybrid IT environments preferred.

• Familiarity with security frameworks such as ISO 27001, NIST, or regulatory standards (e.g., Bank Negara Malaysia RMiT, PDPA).

Technical Skills

• Strong knowledge of network security, identity & access management, and endpoint protection.

• Experience in log analysis, incident response, and threat detection.

• Knowledge of Windows and Linux security hardening.

• Familiarity with cloud security (Azure, Microsoft 365 Defender).

• Basic scripting knowledge (PowerShell or Python) is an advantage.

Certifications (Preferred)

• CompTIA Security+

• Certified Ethical Hacker (CEH)

• Microsoft Certified: Security Operations Analyst Associate

• GIAC Security Essentials (GSEC)

#LI-CS1