Get to know our Team:
The Grab’s Corporate Information Security team is part of the information security at Grab and we focus on the problem of keeping our systems safe and protect our customers while adapting to the high-speed growth of our business and our enormous scale. We are the team focusing on keeping interactions on our platform as simplified as possible using advanced engineering to detect, mitigate and remediate vulnerabilities and security flaws in Grab.
Get to know the Role:
- Design, plan, test and implement infrastructure solutions to securely support the enterprise infrastructure.
- Identify and remediate security gaps using industry best practices and automated solutions.
- Provide advice on security best practices, and guide teams in developing, adopting and enforcing security standards within the organization.
- Go beyond compliance to implement the latest security tools and techniques that improve the security posture of the organization.-
- Perform periodic reviews and monitor networks, analyze logs and systems in order to prohibit the unauthorized use, prevent loss of critical information, and maintain service availability.
- Participate in external and internal audits and bring them to successful completion.
- Partner with members of the InfoSec & IT to work with Grab’s leadership to provide status and reporting on the state of security across the entire Grab infrastructure, and corporate technical stack.
- Work closely with project managers, developers, and vertical teams to avoid redundancy, minimize expenditures and improve overall synergy within the organization.
The day-to-day activities:
- Identify the security loophole in the system and provide a permanent solution for the same.
- Identify process that is manual and improve the process through automation.
- Ensure security best practice is followed at every level and provide a solution to improve an existing process.
- Be involved in the design and subsequent implementation of software and service infrastructure Mentor other engineers, define our technical culture and help build a fast-growing team
The must haves:
- 10+ years of experience in designing and implementing complex security systems.
- Working experience with cloud technologies such as AWS, Google Cloud and Azure.
- Strong understanding of defense in depth methodologies.
- Strong foundation and in-depth technical knowledge of security engineering, authentication and security protocols, and applied cryptography.
- Strong skills in at least one or more scripting language; Perl, Python, Go, or Shell Passionate about security, enjoy challenges and maintains up-to-date knowledge of available and emerging security threats and various security technologies.
- Strong interpersonal skills with the ability to communicate and work effectively across the organization in a fast-paced and challenging environment.
Nice to Have:
- Experienced in implementing and managing HIDS/NIDS, FIM, SIEM solutions.
- Experienced with directory services and single-sign-on solutions.
- Experienced in vulnerability management, patching automation and understanding of VA/PT techniques TOGAF and CISSP certifications Knowledge of information security standards like ISO 27001, PCI-DSS will be an added advantage
