Get to know our Team:
The Application Security team is part of the Information Security team at Grab and we focus on the
problem of keeping our mobile apps and platform safe for our customers and for our partners. We are
the team focusing on keeping interactions on our platform as simplified as possible using advanced
engineering to detect and prevent security vulnerabilities from slipping into the platforms. We adopt a
“secure by default” philosophy, leveraging DevSecOps methodologies to adopt a proactive security
posture.
Get to know the Role:
- You will use your hands-on skills to guide a team of highly skilled Application Security Engineers and Security Program Managers
- You would be creating and guiding the security strategy of our products, including Mobile, Web and API applications
- You will lead a team of around 6-7 Security Engineers/Sr. Security Engineers and prioritize security investments in security reviews, automation, left-shifting, and program management
- You would use your technical abilities to inspire and guide the team to adopt security practices in the design and development process
- You would be working with different stakeholders in business and engineering to make sure that the product launches are reviewed for security and are covered for the compliance requirements
- In this role, you will need to display team leadership, use interpersonal skills, and be able to get things done by handling a certain level of ambiguity
- You should be able to explore uncharted territories as needed and explore/build solutions based on recent research and open-source software
- You will need to clearly communicate high-level strategy and technical details effectively across disciplines, locations, and organizations, including senior leadership
- You should display a strong bias for action; ability to juggle multiple priorities and build a sense of urgency in a dynamic environment
- You will guide engineers in triaging and rewarding our Bug Bounty researchers and create suitable incentives to make the program more effective
- You will need to research, strategize, develop/run security engineering toolsets introducing advanced security automation
The day-to-day activities:
- Perform gap analysis and identify the security loopholes in Grab and Grab partnered ventures and providing solutions for the same
- Ensure security best practice is followed at every level and provide a solution to improve an existing process
- Identify the processes that are manual and improve them through automation
- Be involved in the design and subsequent implementation of software and service infrastructure
- Be a brilliant people manager, which should be established as a go-to role model for the team members
- Guide Security Engineers on technical matters and be the driving factor
The must-haves:
- Around 10 years of experience in designing and implementing security in complex systems
- Strong understanding of defense-in-depth methodologies
- Working experience with at least one of the cloud technologies such as AWS, Google Cloud, Alibaba Cloud or Azure
- Security and development experience in Mobile and Web platforms
- Strong foundation and hands-on knowledge of security engineering
- Hands-on experience with one of the programming languages such as Golang, Java, C# or Python
- Sound understanding of DevSecOps, API gateways and security considerations around it.
- Passionate about security, enjoy challenges and maintains up-to-date knowledge of available and emerging security threats and various security technologies.
- Demonstrate your experience in leading Security Engineering teams and have an excellent ability to distill problems to detailed plans and strategies
- Strong interpersonal skills with the ability to communicate and work effectively across the organization in a fast-paced and challenging environment
- Basic understanding of Infrastructure Security, Security Assurance, and Incident Response
Nice to Have:
- Experienced in vulnerability management, patching automation and understanding of VA/PT techniques
- Certifications like OSCP\OSCE will be an added advantage
Get to know Grab:
Grab is more than just the leading ride-hailing and mobile payments platform in Southeast Asia. We use data and technology to improve everything from transportation to payments and financial services across a region of more than 620 million people.
We work with governments, drivers, passengers, merchants, and the community, to solve critical problems in Southeast Asia. Grab began as a taxi-hailing app in 2012, but we have since extended our product platform to include GrabCar, GrabShare, GrabBike, GrabHitch,
GrabExpress, GrabFood, GrabCoach, GrabShuttle, GrabCycle. We recently launched our fintech platform – GrabFinancial, which consists of payments, lending and insurance. Our latest addition is GrabVentures, an in-house incubation platform.
We are focused on pioneering new commuting and payment alternatives for drivers and passengers with an emphasis on convenience, safety, and reliability. Currently, we offer services in 8 countries. Our R&D offices are in Singapore, Seattle, Beijing, Bangalore, Jakarta, and Vietnam.
We aspire to unlock the true potential of Southeast Asia and look for like-minded individuals to join us on this ride. If you share our vision of driving South East Asia forward, apply to join our team today.
