Security Engineering Manager II, Product

Get to know our Team:

The security engineering team is part of the information security team at Grab and we focus on the problem of keeping our mobile apps and platform safe for our customers and for our partners. We are the team focusing on keeping interactions on our platform as simplified as possible using advanced engineering to detect and prevent security vulnerabilities from slipping in to the platforms. We adopt a “secure by default” philosophy, leveraging DevSecOps methodologies to adopt a proactive security posture

Get to know the Role:

You will use your hands-on hacking and design skills to guide a team of highly skilled ethical hackers and security program managers.

• You would be creating and guiding the security strategy of our products, including Mobile, Web and API applications.

• You will guide the team of engineers and security program managers and prioritize security investments in ethical hacking, security reviews and program management

• You would use your technical abilities to inspire and guide the team to adopt security practices in the design and development process.

• You will guide engineers in triaging and rewarding our Bug Bounty researchers and create suitable incentives to make the program more effective.

• You would be working with different stakeholders in business and engineering to make sure that the product launches are reviewed for security and are covered for the compliance requirements.

• In this role you will need to display team leadership, use interpersonal skills, and be able to get things done by handling a certain level of ambiguity.

• You should be able to explore uncharted territories as needed and explore/build solutions based on recent research and open source software.

• You will need to clearly communicate high level strategy and technical details effectively across disciplines, locations, and organizations, including to senior leadership.

• You should display a strong bias for action; ability to juggle multiple priorities and build a sense of urgency in a dynamic environment.

• You should be able to focus on customer experience as a prime driver for the technical design.

The day-to-day activities:

• Create and execute the strategy for constantly improving the security of our products

• Collaborate with the different engineering teams to understand their pipeline and plan the resources for security reviews

• Guide security engineers on technical matters and set vision for the team

• Work with different stakeholders in the product and dev teams to understand key features being developed and guide them with matters related to security and design

• Drive automation of security tests

• Choose the right technologies and tools to improve our security posture

The must haves:

• Offensive Security expertise: You have significant experience as a successful ethical hacker. Advanced offensive security certifications like OSCE will be a plus. You have managed teams of security engineers for at least 2 years

• Knowledge of application security : You have excellent understanding of application and web security and are familiar with security frameworks like the OWASP Top 10. You have a good understanding of system design and architecture. You understand how architecture impacts privacy and security.

• Leadership skills: You can demonstrate your experience of managing Security Engineering teams. You also have excellent ability to distil problems to detailed plans and strategies.

• Mobile Security knowledge: You have knowledge and experience in the area of anti-fraud engineering or Security. You are conversant with the common attack patterns of rooting, data spoofing apps, memory manipulation etc and have tested applications to detect such vulnerabilities.

• Ability to learn quickly: You have a passion for technology and are able to pick up and learn new technological advances very quickly.

• Team Working: History of effectively working with and growing geo-distributed partner teams

• Data Driven: Proven ability to make smart feature versus time-to-market trade-offs; experience using data and metrics to back up assertions of business value.

• A Bachelors/Master’s/PHD: in Computer Science, Mathematics or an equivalent quantitative discipline.

Get to know Grab:

Grab is more than just the leading ride-hailing and mobile payments platform in Southeast Asia. We use data and technology to improve everything from transportation to payments and financial services across a region of more than 620 million people. We work with governments, drivers, passengers, merchants, and the community, to solve critical problems in Southeast Asia.

Grab began as a taxi-hailing app in 2012, but we have since extended our product platform to include GrabCar, GrabShare, GrabBike, GrabHitch, GrabExpress, GrabFood, GrabCoach, GrabShuttle, GrabCycle. We recently launched our fintech platform – GrabFinancial, which consists of payments, lending and insurance. Our latest addition is GrabVentures, an in-house incubation platform. We are focused on pioneering new commuting and payment alternatives for drivers and passengers with an emphasis on convenience, safety, and reliability. Currently, we offer services in 8 countries. Our R&D offices are in Singapore, Seattle, Beijing, Bangalore, Jakarta and Vietnam. We aspire to unlock the true potential of Southeast Asia and look for like-minded individuals to join us on this ride.

If you share our vision of driving South East Asia forward, apply to join our team today.