Product Security Engineer

Go Jek (Jakarta JK, Indonesia) 7 days ago
About the Role

An information security engineer is a go-to expert in one or more information security disciplines with an expertise wide knowledge in security architecture, processes, alignment to stakeholder teams, and accountability for effective measurement of security metrics. They should have prior experience in leading and executing large and technically complex security projects and initiatives.


What You Will Do

  • Participate in development of a small to medium complexity security project, process, or initiative within their technical focus area (cloud security, identity access management, vulnerability management, penetration testing)
  • Design, develop and maintain small to medium complexity security features and/or process changes with some guidance from more experienced team members.
  • Scope of activities are scoped to functional security assignments from senior team members or leads
  • Improve security operations by enhancing use cases, processes, and/or code structure
  • Collaborate in security reviews that follow the standards and practices of information security best practices that are recognized by their team members
  • Collaborate with senior security engineers to flesh out implementation details
  • Draw & learn security architecture and technologies

What You Will Need

  • Should have at least 4 years of experience in related field
  • A strong acumen and knowledge in tech architecture for cloud native and microservices based web and mobile applications besides API contracts
  • Experience in driving security posture enhancement projects like automation, threat modelling, ‘security-as-code’ , application security validation/testing/ QA integration and vulnerability/bug remediation through calibration and filtering false positives 
  • Experience in using manual and automated scanners like Nessus, Nexpose, Qualysguard, nmap. OpenVAS, Nexpose besides PT kits like Kali Linux, Metasploit
  • Mandatory certification CISSP, OSCP, CEH
  • Proficient in communicating in English
About the Team
The Product Security team in Gojek is responsible for driving security and privacy by design within the product lifecycle and engineering processes besides continuously researching and responding to evolving threats which could impact Gojek product’s viability to service its customers and remain compliant to the local laws and regulations as amicable. 

Product Security Engineer

Apply On Company Site
Back to search page
;