Product Security Engineer - Merchant Platform

About the Role
If you’re looking to be a part of a dynamic, highly-analytical team and an opportunity to dive deep into projects surrounding Product Security, look no further.As our Product Security Engineer for Merchant Platform, you’ll take the wheel in building and maintaining our product security program and. Along with conducting product security, you will be in charge of ensuring security best practices implementation within the Merchant Platform product and infrastructure.
Working closely with data and engineering, you will get to provide a secure platform for our merchants, partners, and consumers. The cherry on top: you’ll get to be a part of a team that works to provide the best protection by having a high standard of information security.

What You Will Do

• Provide technical solution for IT operation and software development team to design a secure application & infrastructure environment, perform penetration testing on application, and maintain the application and infrastructure to fulfill the security best practices
• Designs, develops and maintains small to medium complexity security features and/or process changes with some guidance from more experienced team members.
• Handle and report security incidents and/or findings and communicate to respective stakeholders
• Contribute to automation of security testing based on part of secure SDLC
• Concise documentation for security use cases and operational improvements
• Collaborates in security reviews that follow the standards and practices of information security best practices that are recognized by their team member
• Maintain an up to date information on newest security vulnerability and document plan on mitigation process

What You Will Need

• Have knowledge on Mobile and Web App Security, Vulnerability Management and Penetration Testing
• Preferable to have knowledge on other cyber security domains such as Identity Access Management, DevSecOps, Incident Response, Cloud Security, Zero Trust, etc.
• A strong acumen and understanding of tech architecture for cloud native and microservices based web and mobile applications
• Detailed working knowledge of low-level network protocols (e.g. HTTP, IPv4, TCP, UDP, ICMP, Ethernet, and 802.11),  Penetration Testing, Linux/Unix system, Orchestration (Docker, Kubernetes), and Cloud Security
• Have knowledge in penetration testing, documentation, and great attention to detail
• Detailed working knowledge of programming skills for IT security automation, such as python, PHP, or bash scripting
• Preferable to hold IT Security certifications such as OSCP, eWPT, or similar certification
• Demonstrated good communication,  interpersonal skills, and Speak and write in English with business-level fluency

About the Team
The Product Security team in Merchant Platform is responsible for driving security and privacy by design within the product lifecycle and engineering processes besides continuously researching and responding to evolving threats which could impact Merchant Platform product’s viability to service its customers and merchants and remain compliant to the local laws and regulations as amicable. We are a small team of 13 people based in Jakarta.
The great thing about having a small team is that we've all naturally grown very close, both professionally and personally, and really rely on each other to get the job done. Since we started WFH, our team has had a bi-weekly "fun hour" on Thursdays via Zoom. We use the time to share knowledge, update each other on our lives, sometimes work on a joint side project for research and learning, or simply play online games together!
About Gojek
Gojek is a Super App. It is one app for ordering food, commuting, digital payments, shopping, hyper-local delivery, and a dozen other products. We are Indonesia’s first decacorn. We are  also the only Southeast Asian startup to be part of Fortune's list of 'Companies That Changed The World.'
Our Mission: To create and scale positive socio-economic impact for our customers, driver-partners, business, and MSMEs.
As of 2018, Gojek processed more than $9 billion in annualized gross transaction value across all markets where it operates - in Singapore, Vietnam, and Indonesia. We have the largest food delivery product in Asia (outside of China) and is the largest payments wallet in Southeast Asia.
Gojek contributed IDR 249 T to the Indonesian economy (equivalent to 2% of Indonesia's GDP in 2020). As of Q1 2021, the Gojek App witnessed over 190mn downloads by customers. The platform has over 2mn Driver Partners & ~900000 Merchant Partners across SEA.
About GoTo Financial
GoTo Financial brings secure, reliable, and user-friendly financial solutions to over 55 million monthly active users, more than 14 million merchants, and over 2.5 million driver-partners eager to benefit from the digital economy in the GoTo ecosystem.
GoTo Financial’s consumer services include GoPay, GoPayLater, and other financial services. We also serve businesses of all sizes through leading payment gateway Midtrans, Indonesia’s largest cloud POS network Moka and GoKasir. We also have the all-in-one merchant solution GoBiz, GoBiz Plus, GoStore, and Selly - available in Indonesia and Southeast Asia.
Gojek and GoTo Financial are committed to building a diverse and inclusive workplace and are equal opportunity employers. We do not discriminate on the basis of race, religion, national origin, gender, gender identity, sexual orientation, disability, age, education status, or any other legally protected status.