Get to know our Team:
Grab’s AppSec security engineering team is part of the Cyber Security team at Grab. We focus on keeping our systems/apps/services safe and protecting our customers while adapting to the high-speed growth of our business and our enormous scale.
We are the team focusing on keeping interactions on our platform as simplified as possible using advanced engineering to detect, mitigate, and remediate vulnerabilities and security flaws in Grab.
Get to know the Role:
We are looking for an outstanding Security Engineer who will perform system architecture reviews, code reviews, and staff training, and organize penetration testing and possible red teaming for various systems of Grab and Grab Joint Venture initiatives, i.e. Digibank. The job might also involve incident prevention and response. It includes individual work as well as teamwork, and the applicant should feel comfortable with both. The ability to perform systems security or vulnerability analysis and design, excellent communication skills, creative problem solving, and strong passion, along with being a team player with proven success in meeting deadlines, is a plus.
The day-to-day activities:
Identification and remediation of high priority [Web/Mobile] application/environment security issues, including:
Screening potential issues
Providing remediation guidance
Conducting validations of potential fixes or mitigations
Providing risk and impact assessments of vulnerabilities or proposed mitigations
Supporting other 24/7 Cyber Security teams with application security expertise
Managing Grab’s Bug Bounty Program on HackerOne
Triaging security issues reported from Grab’s Bug Bounty program
Following up with the relevant development teams for fixes
Following up with and helping the Incident Response team with the investigation
Conducting security architecture review of the full stack including applications built on cloud and emerging technologies
Conducting manual application security testing and source code auditing for a variety of technologies
Providing clear and detailed risk assessment and remediation guidelines for developers and business owners
Conducting penetration testing targeting critical Application data, services, and environments; reporting underlying security issues and proposing improved security protections
Security research on the latest standard methodologies, trends, threats, and vulnerabilities, and technology frameworks
Documenting and disseminating security guidelines for common security issues, remediation mentorship, and security technology baselines
Developing tools and exploits to support application security review and/or penetration testing
There may be occasional travel to meet other team members in other regions.
7+ years of security industry experience utilizing web/mobile application security and knowledge of security/threat landscape.
Working experience with cloud technologies such as AWS, Google Cloud, Ali, and Azure.
Strong understanding of defence in depth methodologies.
Technical ability: Ability to develop technical solutions and use existing tools to help discover and mitigate security vulnerabilities. Ability to code/script in at least one programming language like Python, Java, GoLang, C++. Excellent knowledge of pen-testing tools and procedures for Web/Mobile.
Flair for automation: Should be passionate about automating security testing and penetration testing using tools and code
Architecture skills: Passion for system architecture with a primary focus on security aspects.
Security knowledge: Fundamental understanding of security best practices. Review security vulnerabilities and determine what modifications are needed to minimize risk to the organization via enhancements to the existing environment.
Communication: Excellent ability to communicate technical solutions. Assist in developing test plans, test the products, make recommendations, and assist in developing the architecture and implementation plan for approved solutions.
Teamwork and advocacy: Fostering a culture of security consciousness across various teams.
Data-Driven: Develop and maintain a comprehensive set of security benchmarks and guidelines that are readily adoptable by the system and network administrators and software engineers.
Nice to Have:
Experienced in vulnerability management, patching automation, and understanding of VA/PT techniques
Cyber Security certifications like OSCP/OSCE/CREST will be an added advantage
Get to know Grab:
Grab is more than just the leading ride-hailing and mobile payments platform in Southeast Asia. We use data and technology to improve everything from transportation to payments and financial services across a region of more than 620 million people. We work with governments, drivers, passengers, merchants, and the community, to solve critical problems in Southeast Asia.
Grab began as a taxi-hailing app in 2012, but we have since extended our product platform to include GrabCar, GrabShare, GrabBike, GrabHitch, GrabExpress, GrabFood, GrabCoach, GrabShuttle, GrabCycle. We recently launched our fintech platform – GrabFinancial, which consists of payments, lending and insurance. Our latest addition is GrabVentures, an in-house incubation platform. We are focused on pioneering new commuting and payment alternatives for drivers and passengers with an emphasis on convenience, safety, and reliability. Currently, we offer services in 8 countries. Our R&D offices are in Singapore, Seattle, Beijing, Bangalore, Jakarta and Vietnam. We aspire to unlock the true potential of Southeast Asia and look for like-minded individuals to join us on this ride.
If you share our vision of driving Southeast Asia forward, apply to join our team today.