Get to know our Team:
The DevSecOps team is responsible for building secure infrastructure. We design security solutions which are easy to use and effective in the long run, monitor threats and vulnerabilities and provide several levels of protections to our complete infrastructure. Our team is passionate about the details and we work very closely with a wide range of stakeholders.
Get to know the Role:
- Design and implement security best practices across all Grab infrastructure.
- Identify and remediate security gaps using industry best practices and automated solutions.
- Provide advice on security best practices, and guide teams in developing, adopting and enforcing security standards within the organization.
- Go beyond compliance to implement the latest security tools and techniques that improve the security posture of the organization.- Perform periodic reviews and monitor networks, analyze logs and systems in order to prohibit unauthorized use, prevent loss of critical information, and maintain service availability.
- Build out Compliance automation by developing in-house tools as well as evaluating and deploying third party products by doing PoCs.
- Participate in external and internal audits and bring them to successful completion.
The day-to-day activities:
- Identify security loop hole in the system and provide permanent solution for the same.
- Identify process that are manual and improve the process through automation.
- Ensure security best practice is followed at every level and provide solution to improve existing process.
- Be involved in the design and subsequent implementation of software and service infrastructure
- Mentor other engineers, define our technical culture, and help build a fast-growing team
The must haves:
- 5+ years of experience in designing and implementing security systems.
- Strong understanding of Linux and Network security in depth.
- Strong foundation and in-depth technical knowledge of security engineering, authentication and security protocols and applied cryptography.
- Strong skills in at least one or more scripting language; Perl, Python, Go, or Shell- Passionate about security, enjoy challenges and maintains up-to-date knowledge of available and emerging security threats and various security technologies.
- Strong interpersonal skills with the ability to communicate and work effectively across the organization.
Nice to Have:
- Experienced with any of the cloud technologies AWS, Google cloud, Azure.
- Experienced in implementing and managing HIDS/NIDS, FIM, SIEM solutions.
- Experienced with directory services and single-sign-on solutions.
- Experienced with vulnerability management, patching automation and understanding of VA/PT techniques
- Knowledge of information security standards like ISO 27001, PCI-DSS will be an added advantage
