Maybank
Senior Engineer, Cloud Security Operations I IT Security
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Maybank
Maybank, or Malayan Banking Berhad, is Malaysia's largest financial services provider, established in 1960. Headquartered in Kuala Lumpur, it has expanded its operations across Southeast Asia and beyond, operating in at least nine countries, including Singapore, Thailand, and the United Kingdom. The bank is committed to humanizing financial services, focusing on ethical banking, community empowerment, and sustainability. Maybank offers a wide range of financial services, including retail and personal banking, investment banking, insurance, asset management, and stock broking. Its digital platform, Maybank2u, provides accessible solutions for everyday financial needs. The bank's investment banking division offers services such as debt advisory, project financing, and mergers and acquisitions. Maybank emphasizes digital integration and ethical practices, aiming to create positive change in the communities it serves.
Security at Maybank
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Maybank's AppSec philosophy emphasizes implementing a zero trust program and conducting regular security assessments such as penetration testing and vulnerability assessment. They also have a 'Zero Defect Programme' and mandatory cyber security and data privacy e-learning modules. The approach to working with developers includes 'embedding controls across workloads, containers, automation pipelines' and an 'Understanding of application Security considerations' in development roles. An explicit AppSec mission statement is not publicly available.”
Security Team
Maybank's Group Chief Information Security Officer (CISO) is Devinder Singh, who has commented on 'tactical threat intelligence' and sharing cyber threats. The Technology Risk Management Unit is led by the CISO. Technology Risk and Cyber Risk functions are within the 2nd line of defence. Explicit AppSec team structure (centralized vs embedded), headcount, and direct reporting lines for the AppSec function are not publicly available. LinkedIn job listings show multiple IT security and cloud security postings, including roles like Cloud Security Engineer and Cloud Security Architect, which involve 'embedding controls across workloads, containers, automation pipelines' and 'Support Zero Trust initiatives with PIM, JIT VM access'. A consolidated count of active AppSec-specific job postings is not publicly available.
Key Initiatives
- Maybank is 'implementing a zero trust program' and has a 'Zero Defect Programme'.
- They conduct 'regular security assessments such as penetration testing and vulnerability assessment' and a 'cyber-attack simulation program'.
- Developer-focused initiatives include 'embedding controls across workloads, containers, automation pipelines' and an 'Understanding of application Security considerations'.
- They are also rolling out 'Microsoft 365 Copilot across all its 44,000 employees' and 'leveraging Microsoft's advanced security tools'.
- There is no explicit public evidence of a formal 'Security Champions' program.
- Specific 'Shift Left' practices are inferred from job descriptions but not explicitly named as a program.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.