Senior Information Security Associate

Bengaluru

Applications have closed

Gojek

Gojek is Southeast Asia’s leading on-demand platform and a pioneer of the multi-service ecosystem model, providing access to a wide range of services including transportation, food delivery, logistics and more.

View company page

About the Role
If you’re looking to be a part of a dynamic, highly-analytical team and a chance to hone in on your InfoSec skills, look no further. As our Information Security Engineer, you will be an instrumental player in the Product Security team. In this role, you will frequently utilize your coding and engineering expertise as a second-line engineer. Along with independently handling product security reviews, you will also perform manual and automated code reviews, conduct software security tests, oversee vulnerability assessments for cloud-based tech stack, and assist in technical documentation and scripting for automating DevSecOps. In our humble opinion, the coolest part of this role is knowing that your work will directly ensure the safety of our Gojek family.

What You Will Do

  • Research and report on information security topics in support of security projects and initiatives
  • Participate in InfoSec meetings under the direct supervision
  • Assist senior staff members with security tasks including simple operations and projects
  • Execute and complete basic security tasks
  • Contribute and document security use cases under the guidance of senior team members
  • Compile security reports, gather user and system data related to policies and initiatives
  • Learn and operate security tools and perform entry-level security operational tasks

What You Will Need

  • At least 2 years of experience in a relevant industry
  • Software programming skills in: Java, Ruby, GoLang, Scala, and microservices application architecture
  • Thorough understanding of OWASP Top 10 for Web, Mobile, and APIs
  • Cloud security basics include cloud-native tech like K8s, Dockers
  • Usage of Pentest and VA tools like Nessus, Metasploit, Nexpose, Nmap, OpenVAS
  • Usage of SAST and DAST tools like OWASP ZAP, BurpSuite
About the Team
Gojek's Information Security team is a group of 70+ security engineers based primarily out of Bengaluru, Singapore, and Indonesia. The Product Security team, a sub-pod of the InfoSec team at Gojek, helps ensure that all applications, products, services, and platforms are being developed with adequate control measures to avoid security breaches, fraud, or abuse. To achieve this, we closely work with our product engineers and build secure software deployed within our cloud infrastructure. Additionally, we run the Gojek bug bounty programs and provide product security incident response capabilities.
Our mission is to enable Gojek engineering teams to build secure software while providing them the appropriate security context to make decisions and ultimately make Gojek the most trusted and safest platform to transact, eat, travel, and have fun 😊
As a team, we are concerned with the growth and safety of the company, and each other's personal growth and well being too. With WFH becoming more normalized, you best believe we have been sharing our favorite ways to prioritize a healthy work-life balance at home. Along with our desire to utilize smart technology and innovative engineering strategies to make people's lives easier, our team also bonds over our shared love for tea, and the latest movies & TV shows.

About Us
Gojek is a Super App. It’s one app for ordering food, commuting, digital payments, shopping, hyper-local delivery, and dozen other products. It is Indonesia’s first and only decacorn. It's also the only Southeast Asian startup to be part of Fortune's list of 'Companies That Changed The World.'
Our Mission: To create and scale positive socio-economic impact for our customers, driver-partners, business and MSMEs.
As of 2021, Gojek processed more than $9 billion annualised gross transaction value across all markets where it operates - in Singapore, Thailand, Vietnam and Indonesia. We have the largest food delivery product in Asia, (outside of China), and the largest payments wallet in Southeast Asia.
Our investors include Google, Facebook, PayPal, Sequoia Capital, Tencent Holdings among others.
Gojek is committed to building a diverse and inclusive workplace and is an equal opportunity employer. We do not discriminate on the basis of race, religion, national origin, gender, gender identity, sexual orientation, disability, age, education status, or any other legally protected status.

Tags: APIs Burp Suite Cloud DAST DevSecOps Golang Incident response Java Metasploit Microservices Nessus Nmap OpenVAS OWASP Product security Ruby SAST Scala Scripting

Perks/benefits: Career development Startup environment

Region: Asia/Pacific
Country: India
Job stats:  8  3  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.