Senior Security Engineer, Application SecurityMalaysia
Grab
This job is no longer accepting applications
See open jobs at Grab.See open jobs similar to "Senior Security Engineer, Application SecurityMalaysia" Sovereign’s Capital.Life at Grab
At Grab, every Grabber is guided by The Grab Way, which spells out our mission, how we believe we can achieve it, and our operating principles - the 4Hs: Heart, Hunger, Honour and Humility. These principles guide and help us make decisions as we work to create economic empowerment for the people of Southeast Asia.
Get to know the Team
The Grab’s Application Security team is part of the Cyber Security team at Grab, and we focus on keeping our application and data safe while adapting to the high-speed growth of our business. We are the team who focus on exploring and using advanced techniques to detect, mitigate, and remediate vulnerabilities and security flaws in Grab. If you are looking for an environment where you could continuously learn and grow, then you should join our team!
Get to know the Role
We are looking for someone who is passionate about exploring new technologies (i.e. LLM) and methodologies to elevate and participate in redefining a new generation of Application Security function. This role will report into the Application Security function; working alongside other security engineers who are responsible for Application Security of apps and services in the areas of threat modeling, specification reviews, code reviews, and penetration testing. We believe a successful candidate is a team player, who has excellent communication skills, creative problem solving ability, and a strong passion in cybersecurity, but if you believe you have what it takes then we’d love to hear from you either way. This role is required because we care about our Grab’s mission and we would like someone who is outstanding to perform code review and organize penetration testing and possible red teaming for various systems at Grab.
The Day-to-Day Activities
Identify and drive remediation of high-priority Web/Mobile application/environment security issues, including:
Screening potential issues
Providing remediation guidance to issue owners ○ Conducting validations of potential fixes or mitigations
Providing risk and impact assessments of vulnerabilities or proposed mitigations
Support other Cyber Security teams with application security expertise
Participate in Grab’s Bug Bounty Program on HackerOne
Triage security issues reported from Grab’s Bug bounty program
Follow-up with the relevant development teams for fixes.
Follow-up and help Cyber incident response team with the investigation
Conduct application security testing and source code auditing for a variety of technologies
Provide clear and detailed risk assessment and remediation guidelines for developers and business owners
Conduct penetration testing targeting critical Application data, services, and environments; reporting underlying security issues and proposing improved security protections
Research on the latest cybersecurity standard methodologies, trends, threats, and vulnerabilities, and technology frameworks
Document and disseminate security guidelines for common security issues, remediation mentorship, and security technology baselines
Develop tools and exploits to support application security review and/or penetration testing
The Must-Haves
You have Heart, Hunger, Honour and Humility
7+ years of security industry experience utilizing web/mobile application security and knowledge of the security / threat landscape.
Working experience with cloud technologies such as AWS, Google Cloud, Ali, and Azure.
Strong understanding of defense in-depth methodologies.
Ability to develop technical solutions and use existing tools to help discover and mitigate security vulnerabilities. Ability to code/script in at least one programming language like Python, Java, GoLang, C++.
Excellent knowledge of pen-testing tools and procedures for Web/Mobile.
Passionate about automating security testing and penetration testing using tools and code
Fundamental understanding of security best practices. Review security vulnerabilities and determine what modifications are needed to minimize risk to the organization via enhancements to the existing environment.
Excellent ability to communicate technical solutions. Assist in developing test plans, test the products, make recommendations, and assist in developing the architecture and implementation plan for approved solutions.
Strong, proven track record of delivering results in fast-paced, resource-scarce environments
Teamwork and advocacy: Fostering a culture of cybersecurity across various teams
The Nice-to-Haves
Experienced in vulnerability management, patching automation, and understanding of VA/PT techniques
Cyber Security certifications like OSCP/OSCE/CREST will be an added advantage
Our Commitment
We are committed to building diverse teams and creating an inclusive workplace that enables all Grabbers to perform at their best, regardless of nationality, ethnicity, religion, age, gender identity or sexual orientation and other attributes that make each Grabber unique.
Equal opportunity
Grab is an equal opportunity employer. We owe our success to the talents of our globally-diverse team and the varying perspectives they add to our thriving community.
Recruitment agencies
Grab does not accept unsolicited resumes sent by recruiting agencies. Please do not forward resumes to our job postings, Grab employees or other parts of the business. Grab will not be liable to pay any fees to agencies for candidates hired as a result of unrequested resumes.
This job is no longer accepting applications
See open jobs at Grab.See open jobs similar to "Senior Security Engineer, Application SecurityMalaysia" Sovereign’s Capital.