Get to know our Team:The Grab’s Corporate Information Security team is part of the information security at Grab and we focus on the problem of keeping our systems safe and protect our customers while adapting to the high-speed growth of our business and our enormous scale. We are the team focusing on keeping interactions on our platform as simplified as possible using advanced engineering to detect, mitigate and remediate vulnerabilities and security flaws in Grab.
Get to know the Role:We are looking for an outstanding Security Engineer who will be performing system architecture review, code review, training of staff, and organizing penetration testing and possible red teaming for Grab Joint Venture’s various systems. The job might also involve incident prevention and response and includes individual as well as teamwork and the applicant should feel comfortable with both. Ability to perform systems security or vulnerability analysis and design is a must. Demonstration of excellent communication skills, creative problem solving, and strong passion is a must. Must be a team player with proven success in achieving aggressive deadlines.
The day-to-day activities:
- Participate in technical and product review meetings making sure that the security concerns are taken care of
- Conduct design reviews, code reviews and threat modeling of the Product features
- Produce detailed threat models of the products
- Perform penetration testing on the products and uncover vulnerabilities
- Automate/Script penetration testing to enable us to scale faster
- Take care of compliance needs for Grab Joint Venture initiatives
- Participate in audits and provide information as necessary
The must haves:
- Technical ability: Ability to develop technical solutions and use existing tools to help discover and mitigate security vulnerabilities. Ability to code/script in at least one programming language like Python, Java, GoLang, C++. Excellent knowledge of pen testing tools and procedures for Web/Mobile.
- Flair for automation: Should be passionate about automating security testing and penetration testing using tools and code
- Architecture skills: Passion for system architecture with a primary focus on security aspects
- Security knowledge: Fundamental understanding of security best practices. Review security vulnerabilities and determine what modifications are needed to minimize risk to the organization via enhancements to the existing environment.
- Communication: Excellent ability to communicate technical solutions. Assist in developing test plans, test the products, make recommendations and assist in developing the architecture and implementation plan for approved solutions.
- Teamwork and advocacy: Fostering a culture of security consciousness across various teams.
- Data Driven: Develop and maintain a comprehensive set of security benchmarks and guidelines that are readily adoptable by the system and network administrators and software engineers.
- A Bachelors/Masters in Computer Science, Mathematics or an equivalent quantitative discipline.
