Information Security Engineer

Role Summary:We are seeking a skilled and proactive Information Security Engineer to lead and scale NowPay’s cybersecurity posture. This role is critical to securing sensitive employee financial data, ensuring the integrity of salary disbursement systems, and supporting regulatory compliance (e.g. local regulators, PCI-DSS, and GDPR). The successful candidate will be responsible for designing and enforcing best-in-class security practices across our platforms, cloud infrastructure, and internal processes.Key Responsibilities:Security Strategy & Architecture Define and continuously improve NowPay’s information security strategy, policies, and controls across all layers (cloud, app, infrastructure). Lead threat modeling and risk assessment activities for new and existing systems. Ensure secure design of new fin-tech products including salary advance, BNPL, and bill payment services. Vulnerability Management & Monitoring Conduct regular security assessments, vulnerability scans, and penetration testing. Monitor and respond to security incidents, collaborating with engineering and DevOps teams for resolution. Maintain and enhance audit logging, intrusion detection, and alerting systems. Cloud & Application Security Implement secure configurations and hardening of AWS infrastructure (IAM, EC2, S3, RDS, etc.). Ensure secure code practices via CI/CD pipelines, code reviews, and dependency scanning (GitHub, Jira). Support the engineering team with encryption, tokenization, and data integrity mechanisms. Compliance & Risk Support compliance with relevant regulatory frameworks (local regulators, PCI-DSS, ISO 27001). Manage security documentation, audits, and incident response playbooks. Collaborate with legal and compliance teams on security requirements for licensing or audits. Employee Security Enablement Lead security awareness training for employees (e.g., phishing, password hygiene, secure device usage). Manage identity and access management (IAM), two-factor authentication, and role-based access controls. Requirements 3+ years of experience in information security, preferably in fin-tech, banking, or SaaS environments. Hands-on experience with cloud/on-site security. Familiarity with regulatory and compliance standards: local regulators, GDPR, PCI-DSS, ISO 27001. Proficient in tools such as Metabase, GitHub, Jira, SIEMs, firewalls, and endpoint protection systems. Strong knowledge of OWASP Top 10, encryption protocols, and authentication systems. Bachelor’s degree in Computer Science, Information Security, or related fields. Benefits Medical insurance coverage Social insurance Salary advance