Skip to main content

Job Summary

Company
Grab​

Location
Beijing, China​

Job Type
Contract (1 year)

Pay Rate
Competitive Salary

Years of Experience
Experienced(2-5 Years)

Job Reference Code
J1900193

Product Security Engineer - Application Security

Posted on Jun 25, 2019
Grab
Beijing, China

About Company:

Grab is more than just the leading ride-hailing and mobile payments platform in Southeast Asia.

We use data and technology to improve everything from transportation to payments across a region of more than 620 million people. Working with governments, drivers, passengers, and the community, we aim to unlock the true potential of the region by solving problems that hinder progress.


Job Profile:

We are looking for an outstanding Security Engineer who will be performing system architecture review, code review, training of staff, and organizing penetration testing and possible red teaming for Grab Joint Venture’s various systems.


Job Details:

Get to know our Team:

The Grab’s Product Security team is part of the information security at Grab and we focus on the problem of keeping our systems safe and protect our customers while adapting to the high-speed growth of our business and our enormous scale. We are the team focusing on keeping interactions on our platform as simplified as possible using advanced engineering to detect, mitigate and remediate vulnerabilities and security flaws in Grab.

Get to know the Role:

We are looking for an outstanding Security Engineer who will be performing system architecture review, code review, training of staff, and organizing penetration testing and possible red teaming for Grab Joint Venture’s various systems. The job might also involve incident prevention and response and includes individual as well as teamwork and the applicant should feel comfortable with both. Ability to perform systems security or vulnerability analysis and design is a must. Demonstration of excellent communication skills, creative problem solving, and strong passion is a must. Must be a team player with proven success in achieving aggressive deadlines.

The day-to-day activities:
 

  • Identification and remediation of high priority [web] application/environment security issues, including
               - Screening potential issues
               - Providing remediation guidance
  • Conducting validations of potential fixes or mitigations
  • Providing risk and impact assessments of vulnerabilities or proposed mitigations
  • Supporting other 24/7 Information Security teams with application security expertise
  • Managing Grab’s Bug Bounty Program on HackerOne 
  • Triage security issues reported from Grab’s Bug bounty program
  • Follow-up with the relevant development teams for fixes.
  • Follow-up and help Incident response team with investigation
  • Conducting security architecture review of the full stack including applications built on cloud and emerging technologies
  • Conducting manual application security testing and source code auditing for a variety of technologies
  • Providing clear and detailed risk assessment and remediation guidelines for developers and business owners
  • Conducting penetration testing targeting critical Apple data, services, and environments; reporting underlying security issues and proposing improved security protections
  • Security research on the latest standard methodologies, trends, threats and vulnerabilities, and technology frameworks
  • Documenting and disseminating security guidelines for common security issues, remediation mentorship, and security technology baselines
  • Developing tools and exploits to support application security review and/or penetration testing
  • There may be occasional travel to meet other team members in other regions.


The must haves:

  • Technical ability: Ability to develop technical solutions and use existing tools to help discover and mitigate security vulnerabilities. Ability to code/script in at least one programming language like Python, Java, GoLang, C++. Excellent knowledge of pen testing tools and procedures for Web/Mobile.
  • Flair for automation: Should be passionate about automating security testing and penetration testing using tools and code
  • Architecture skills: Passion for system architecture with a primary focus on security aspects
  • Security knowledge: Fundamental understanding of security best practices. Review security vulnerabilities and determine what modifications are needed to minimize risk to the organization via enhancements to the existing environment.
  • Communication: Excellent ability to communicate technical solutions. Assist in developing test plans, test the products, make recommendations and assist in developing the architecture and implementation plan for approved solutions.
  • Teamwork and advocacy: Fostering a culture of security consciousness across various teams.
  • Data Driven: Develop and maintain a comprehensive set of security benchmarks and guidelines that are readily adoptable by the system and network administrators and software engineers.
  • Education: A Bachelors/Masters in Computer Science, Mathematics or an equivalent quantitative discipline.

Apply Now

Latest Jobs

Ceramic Ball Material Scientist
Competitive Salary
Shandong, China

Pulp Research Scientist
Competitive Salary
Shandong, China

Teacher of Chemistry
Competitive Salary
Beijing, China

Teacher of Computer
Competitive Salary
Beijing, China

AP English Teacher
25,000 - 30,000 RMB/Month
Beijing, China

Teacher of Drama
25,000 - 35,000 RMB/Month
Beijing, China


Find us on social media