We are looking for an outstanding Security Engineer who will be performing system architecture review, code review, training of staff, and organizing penetration testing and possible red teaming for various systems of Grab, Grab Joint Venture initiatives i.e Digibank. The job might also involve incident prevention and response and includes individual as well as teamwork and the applicant should feel comfortable with both. The ability to perform systems security or vulnerability analysis and design, demonstration of excellent communication skills, creative problem solving, and strong passion along with being a team player with proven success in achieving deadlines is a plus.
The day-to-day activities:
- Identification and remediation of high priority [Web/Mobile] application/environment security issues, including:
- Screening potential issues
- Providing remediation guidance
- Conducting validations of potential fixes or mitigations
- Providing risk and impact assessments of vulnerabilities or proposed mitigations
- Supporting other 24/7 Cyber Security teams with application security expertise
- Managing Grab’s Bug Bounty Program on HackerOne
- Triage security issues reported from Grab’s Bug bounty program
- Follow-up with the relevant development teams for fixes.
- Follow-up and help Incident response team with the investigation
- Conducting security architecture review of the full stack including applications built on cloud and emerging technologies
- Conducting manual application security testing and source code auditing for a variety of technologies
- Providing clear and detailed risk assessment and remediation guidelines for developers and business owners
- Conducting penetration testing targeting critical Application data, services, and environments; reporting underlying security issues and proposing improved security protections
- Security research on the latest standard methodologies, trends, threats, and vulnerabilities, and technology frameworks
- Documenting and disseminating security guidelines for common security issues, remediation mentorship, and security technology baselines
- Developing tools and exploits to support application security review and/or penetration testing There may be occasional travel to meet other team members in other regions.
- 7+ years of security industry experience utilizing web/mobile application security and knowledge of security/threat landscape.
- Working experience with cloud technologies such as AWS, Google Cloud, Ali, and Azure.
- Strong understanding of defence in depth methodologies.
- Technical ability: Ability to develop technical solutions and use existing tools to help discover and mitigate security vulnerabilities. Ability to code/script in at least one programming language like Python, Java, GoLang, C++. Excellent knowledge of pen-testing tools and procedures for Web/Mobile.
- Flair for automation: Should be passionate about automating security testing and penetration testing using tools and code
- Architecture skills: Passion for system architecture with a primary focus on security aspects.
- Security knowledge: Fundamental understanding of security best practices. Review security vulnerabilities and determine what modifications are needed to minimize risk to the organization via enhancements to the existing environment.
- Communication: Excellent ability to communicate technical solutions. Assist in developing test plans, test the products, make recommendations, and assist in developing the architecture and implementation plan for approved solutions.
- Teamwork and advocacy: Fostering a culture of security consciousness across various teams.
- Data-Driven: Develop and maintain a comprehensive set of security benchmarks and guidelines that are readily adoptable by the system and network administrators and software engineers.
Nice to Have:
- Experienced in vulnerability management, patching automation, and understanding of VA/PT techniques
- Cyber Security certifications like OSCP\OSCE\CREST will be an added advantage