Senior Security Engineer
Kuala Lumpur, Malaysia
ShopBack
ShopBack enables shoppers to discover the best prices and offers, pay easily and get rewards for shopping. Find out about job and partnership opportunities, the latest news from ShopBack, as well as our products and features. From those late-night musings emerged the ShopBack Group, now the leading shopping, rewards, and payments platform in Asia-Pacific. With over 45 million shoppers across 12 markets (and counting!), ShopBack now facilitates more than half a million transactions daily for over 20,000 online and in-store partners.
Fresh off its debut in the European market, ShopBack is on the lookout for thrill-seekers to embark on this exhilarating journey to build The World's Most Rewarding Way to Shop. Get ready for the ride of a lifetime: a blend of startup spirit woven into a solid business foundation.
Warning: Not for the faint-hearted. Possible side effects may include spending more on shopping (but don't worry — you earn Cashback).
We are seeking a skilled and dedicated Security Engineer to join our team. The Security Engineer will be responsible for ensuring our information systems' integrity, confidentiality, and availability. This role involves designing, implementing, and maintaining security protocols, monitoring potential security breaches, and responding to incidents to protect our organization’s data and infrastructure.
Your Adventure Ahead
- Design and Implementation:
  - Review design and architecture documents and threat-model them together with engineering teams.
  - Build and implement proactive security solutions such as libraries, SDKs, etc. to make our systems and services secure-by-default.
  - Develop and implement security policies, protocols, and procedures.
- Testing and Audit:
  - Understand information security concepts and be able to conduct vulnerability assessments and penetration testing on Web, Mobile, Infra, and REST APIs.
  - Do secure code reviews using tools. Should be able to write custom code review rulesets.
  - Build and maintain tooling and processes to support the DevSecOps pipeline.
  - Should be able to recommend solutions or compensatory controls to fix security issues or reduce the risk to an acceptable extent.
  - Develop quick proofs of concept to test hypotheses and explain exploits.
  - Perform and support audits by providing relevant information and evidence.
  - Perform third-party risk assessments when needed.
- Monitoring and Response:
  - Monitor and set up alerting on WAF, application, and cloud logs.
  - Respond to security incidents, conducting thorough investigations and providing mitigation strategies.
  - Develop a working playbook for incident response.
- Collaboration and Training:
  - Work with IT and development teams to ensure secure design and deployment of new technologies and systems.
  - Provide training and guidance to staff on security best practices.
  - Collaborate with external partners and vendors on security matters.
- Documentation and Reporting:
  - Maintain detailed documentation of security incidents, solutions, and outcomes.
  - Prepare and present security reports to management.
  - Stay current with emerging security trends, threats, and technologies, and provide recommendations for improvements.
Essentials to Succeed
- 4+ years of experience in information security or a related role.
- Strong knowledge of security principles, techniques, and technologies.
- Excellent vulnerability management and reporting skills.
- Proficiency in scripting and automation (e.g., Python, Bash).
- Familiarity with regulatory requirements and standards such as ISO 27001, GDPR, and PDPA would be a plus.
- Relevant certifications to support your skills would be a plus.
- Excellent problem-solving skills and attention to detail.
- Strong communication skills and ability to work collaboratively.
- Experience working with and securing cloud technologies (AWS, Azure, GCP).
- Knowledge of DevSecOps practices.
- Knowledge of incident response and forensic analysis.
Tags: APIs Audits Automation AWS Azure Bash Cloud DevSecOps Exploits GCP GDPR Incident response ISO 27001 Monitoring Pentesting Python Risk assessment Scripting Vulnerability management
Perks/benefits: Career development Competitive pay Startup environment Team events