Portfolio Company Careers

Discover opportunities across our network of values-driven companies!
Sovereign’s Capital

Senior Cyber Security Vulnerability Management



Petaling Jaya, Selangor, Malaysia
Posted on Thursday, June 20, 2024

Company Description

Life at Grab

At Grab, every Grabber is guided by The Grab Way, which spells out our mission, how we believe we can achieve it, and our operating principles - the 4Hs: Heart, Hunger, Honour and Humility. These principles guide and help us make decisions as we work to create economic empowerment for the people of Southeast Asia.

Job Description

Get to know the team

The Cyber Security Policy, Audit Support & Remediation team is a young, experienced team primarily responsible for developing, implementing, and maintaining robust cyber security policies. These policies are crucial for defining the organization’s cyber security stance, setting expectations, assigning responsibilities, and enabling concrete steps in case of a security breach. We serve as the key point of interaction for internal and external auditors and regulators, overseeing information requests, evidence gathering, and issue deliberation. If you are looking for an environment to grow and improve your skills in cybersecurity, we welcome you to be part of our team!

Get to know the role

The Cyber Security Policy, Audit Support & Remediation team is expanding our responsibilities to manage the reporting of vulnerabilities to Senior Management and the Board. The ideal candidate should understand the technical aspects of collating vulnerability data, analyzing the data to identify trends, and preparing dashboards and charts to report the results. You should have experience in triaging vulnerabilities and know how to determine the impact and severity of a vulnerability to enterprise systems. You will be working with multiple stakeholders from cybersecurity and engineering teams to prepare the reports.

The Day-to-Day Activities

  • Vulnerability Management: Responsible for the complete life cycle of vulnerabilities including identifying, categorizing, prioritizing, remedying, and mitigating potential system vulnerabilities. This will involve:

    • Identification: Discovering potential vulnerabilities across our IT and cloud assets.

    • Categorization: Classifying identified vulnerabilities based on their nature and potential impact.

    • Prioritization: Determining the order in which vulnerabilities must be addressed based on factors like severity, exploitability, and business impact.

    • Remediation: Planning and proposing actions to correct identified vulnerabilities.

  • VM Triaging: Apply your knowledge of vulnerability management to triage vulnerabilities effectively, ensuring the highest-impact vulnerabilities are addressed first.

  • Automation & Reporting: Develop and employ automated solutions for vulnerability management reporting, streamlining the process, and ensuring accurate, timely reports. You will be expected to:

    • Automation: Develop and utilize automation methods for the identification, reporting and remediation of vulnerabilities, making the process more efficient.

    • Reporting: Generate accurate and timely reports on current vulnerabilities, their status, and remediation, which would benefit both technical and executive audiences.

  • Cross-functional Collaboration: Work with different teams to drive vulnerability resolutions and increase awareness about potential threats, vulnerabilities, and remediation tactics across the organization.

  • Continuous Improvement: Stay updated with the latest vulnerability trends and threats, ensuring Grab's systems remain secure and resilient.


The Must-Haves

  • At least 5 years of experience focusing on vulnerability management in a complex technological environment.
  • In-depth knowledge and hands-on experience with vulnerability triaging.
  • Knowledge of vulnerabilities and misconfigurations in cloud-native applications.
  • Proven track record of leveraging automation for vulnerability management reporting.
  • Excellent problem-solving skills and process-oriented thinking.
  • Good communication skills, with the ability to converse technically with IT professionals and simplify complex concepts for non-technical stakeholders.
  • BSc/MSc in Computer Science, Information Security, or a related field. Relevant professional certifications (e.g., CISSP, CISM, CEH) would be advantageous.

The Nice-to-Haves

  • Knowledge of the OWASP Web Top 10 and OWASP API Security Top 10; OSCP certification.
  • Experience using tools such as Nmap, Wiz, Nessus, Burp Suite, Metasploit, etc.
  • Basic knowledge of data technologies and analytical tools (e.g., SQL, Data Lake, Data Warehouse, Power BI, Elastic, Kibana).
  • Experience in creating dashboards and data visualizations (e.g., in Excel, Power BI, Kibana) for reporting key metrics and stats would be an advantage.
  • Experience with programming in Python.
  • Knowledge of vulnerability management processes and solutions.

Additional Information

Our Commitment

We recognize that with these individual attributes come different workplace challenges, and we will work with Grabbers to address them in our journey towards creating inclusion at Grab for all Grabbers.