Surge Global is a digital consultancy that leverages marketing, data, and technology to help businesses grow. As Sri Lanka’s leading digital firm, we employ the best content, creative, design, and engineering talent the country has to offer.

Embracing a culture of transparency and equality in the workplace, we’ve built an environment that helps Sri Lanka’s best marketing and creative talent thrive. Our team approaches complex, multivariate challenges with an open mind and a strong willingness to continuously test, learn, and innovate.

With our headquarters in Colombo, Sri Lanka, we support and scale startups to Fortune 500 companies across the United States, Europe, Australia, Middle East, Papua New Guinea, Fiji, and Sri Lanka.

Responsibilities

• Design, implement, and maintain robust security architectures across infrastructure, applications, and networks.
• Lead threat detection, incident response, and forensic investigations to mitigate security breaches.
• Conduct regular vulnerability assessments, penetration testing, and risk analysis.
• Develop and enforce security policies, standards, and best practices across the organization.
• Monitor security tools (SIEM, IDS/IPS, EDR) and proactively identify potential threats.
• Collaborate with engineering, DevOps, and IT teams to embed security into system design and delivery (DevSecOps).
• Manage and respond to security incidents, ensuring proper documentation and post-incident reviews.
• Oversee identity and access management (IAM), ensuring least privilege and secure authentication mechanisms.
• Ensure systems comply with banking regulations and standards (PCI-DSS, ISO 27001, GDPR, local central bank guidelines).
• Mentor junior security engineers and contribute to team capability building.
• Stay updated with emerging threats, vulnerabilities, and financial-sector-specific attack vectors (e.g., payment fraud, API abuse).

Requirements

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• 5+ years of experience in cybersecurity, with at least 2 years in a senior or lead role, preferably in banking, fintech, or BFSI environments.
• Strong knowledge of network security, application security, and cloud security (AWS, Azure, or GCP).
• Hands-on experience with security tools such as SIEM (e.g., Splunk), firewalls, IDS/IPS, and endpoint protection.
• Experience in vulnerability management, penetration testing, and security auditing.
• Solid understanding of security frameworks and standards (ISO 27001, NIST, CIS Controls).
• Familiarity with scripting or programming languages (Python, Bash, or similar).
• Experience with DevSecOps practices and CI/CD pipeline security.
• Relevant certifications such as CISSP, CISM, CEH, or OSCP are highly preferred.
• Strong analytical, problem-solving, and incident management skills.
• Excellent communication skills with the ability to explain complex security concepts to non-technical stakeholders.
• Candidates with Fintec/BFS experience will be given priority.

Note: Employees will be transitioned to the client company upon completing three years at Surge