Senior AppSec Engineer
Petaling Jaya, Malaysia
Grab
Grab is Southeast Asia’s leading superapp. It provides everyday services like Deliveries, Mobility, Financial Services, and More.
Company Description
Life at Grab
At Grab, every Grabber is guided by The Grab Way, which spells out our mission, how we believe we can achieve it, and our operating principles - the 4Hs: Heart, Hunger, Honour and Humility. These principles guide and help us make decisions as we work to create economic empowerment for the people of Southeast Asia.
Job Description
Get to know the team
The DevSecOps team at Grab is dedicated to integrating security practices into our development and operations processes. With a focus on ensuring the security and reliability of our services, we strive to stay ahead of emerging threats and protect our users' data.
Get to know the role
We are seeking a talented and experienced Senior AppSec Engineer to join our dynamic team. The ideal candidate will possess a strong background in AppSec tools, application security and automation. As a Senior AppSec Engineer, you will play a crucial role in architecting and implementing application security practices across our organization.
Responsibilities:
- Implement and maintain application security tools such as static security testing, dynamic security testing, dependency scanning and supply chain security solutions.
- Develop and automate security processes using Python and Go Lang to enhance efficiency and scalability.
- Collaborate with cross-functional teams to integrate security into the software development lifecycle (SDLC) and CI/CD pipelines.
- Provide expertise and guidance on application security best practices and assist in the implementation of secure coding standards.
- Conduct security assessments, vulnerability scanning, and penetration testing to identify and remediate security vulnerabilities.
- Stay abreast of emerging security threats, industry trends, and best practices in DevSecOps.
Qualifications
The Must-Haves:
- Bachelor's degree in Computer Science, Information Technology, or related field.
- 7+ years of security industry experience in web/mobile application security, with knowledge of the security / threat landscape.
- Proven experience in DevSecOps practices, including the implementation and management of DevSecOps tools such as Git, SAST, DAST, secret scanning, and dependency scanning solutions.
- In-depth knowledge of application security principles, common vulnerabilities, and secure coding practices. Excellent knowledge of pen-testing tools and procedures for Web/Mobile.
- Demonstrated proficiency in setting up and managing CI/CD pipelines, particularly in platforms such as GitLab and Jenkins.
- Extensive experience in safeguarding software supply chains, ensuring the integrity and security of dependencies and components throughout the development lifecycle.
- Strong programming skills in Python and Go Lang with experience in automation and scripting.
- Excellent communication and collaboration skills with the ability to work effectively in a fast-paced, team-oriented environment.
The Nice-to-Haves:
- Experience with containerization technologies (e.g., Docker, Kubernetes) and cloud platforms (e.g., AWS, Azure, GCP) is a plus.
- Experience in vulnerability management and patching automation, and an understanding of VA/PT techniques.
- Cyber security certifications like OSCP/OSCE/CREST/CDE will be an added advantage.
Additional Information
Our Commitment
We are committed to building diverse teams and creating an inclusive workplace that enables all Grabbers to perform at their best, regardless of nationality, ethnicity, religion, age, gender identity or sexual orientation and other attributes that make each Grabber unique.
If you are passionate about security, automation, and driving secure DevOps practices, we encourage you to apply for this exciting opportunity to make a significant impact on our organization's security posture and software development processes.