At Klook, we love creating moments of joy. Our platform connects people around the world with experiences that bring a smile to their faces, at a touch of a button. We are a global team of diverse Klookers who push boundaries every day, learn fast with feedback and take ownership to drive the change we want to see. Together, we help each other make the world a more joyful place. Up for the challenge? Join us today!
About this role
This role supports Klook in securing our web and mobile applications as well as API interfaces by conducting penetration testing. This individual will be part of the application security team in Singapore, reporting to our Security Lead. Our ideal candidate should be a self-motivated team player with strong analytical skills and attention to detail.
About Technology & Engineering
In a fast-growing industry like ours, we can’t afford to stand still. At Technology & Engineering, we constantly test and improve our products to create the best experience in the travel and leisure industry. The team hires curious and analytical people who always push boundaries and have real impact.
What you'll do
- Responsible for conducting penetration testing on web applications, mobile apps (iOS, Android), and API interfaces
- Responsible for conducting security testing on application security risks such as injection, broken authentication or access control, sensitive data exposure, cross-site scripting and deserialization
- Assist in identifying new or emerging security attacks or techniques, while staying aware of the current threat landscape and keeping up to date with evolving technology
What you'll need
- 1 - 3 years of experience in application security vulnerability assessment, analysis and remediation
- Degree or Diploma in Computer Science, Computer or Electronics Engineering, Information Technology or related disciplines
- Skilled with penetration testing tools such as Kali, Burp and nmap
- Familiar with basic programming languages such as Python and C/C++, scripting skills such as bash and regex, and mobile languages for iOS and Android
- Experienced with the industry frameworks OWASP, MITRE CAPEC and CWE for vulnerabilities, attack scenarios, exploitability, detectability and remediation advisory
- Familiar with cloud environment, cloud computing services and virtualization technologies
- Ability to collaborate effectively across a geographically distributed team
- Ability to converse in both Mandarin and English for liaison with global stakeholders
- OSCP or equivalent certification will be an added advantage
Klook is proud to be an equal opportunity employer. We hire talented and passionate people of all backgrounds. We believe that a joyful workplace is an inclusive workplace, one where employees from all walks of life have an equal opportunity to thrive. We’re dedicated to creating a welcoming and supportive culture where everyone belongs.
Klook does not accept unsolicited resumes from any temporary staffing agency, placement service or professional recruiter (“Agency”). Klook will not be responsible for, and will not pay, any fees, commissions or other payments related to such unsolicited resumes.
An Agency must obtain advance written approval from Klook’s Talent Acquisition Team to submit resumes, and then only in conjunction with a valid fully-executed agreement for service and in response to a specific job opening for which the Agency has been requested to submit resumes. Klook will not be responsible for, and will not pay, any fees, commissions or other payments to any Agency that does not have such agreement in place or does not comply with the foregoing.