Senior Security Engineer

Our JourneyShopBack was born one night in 2014 when co-founders Henry and Joel were toying around (with entrepreneurial ideas) in Henry's car. Their brainstorming session sparked the concept of a more rewarding way to shop, starting with the idea of earning online Cashback.
From those late-night musings emerged the ShopBack Group, now the leading shopping, rewards, and payments platform in Asia-Pacific. With over 45 million shoppers across 12 markets (and counting!), ShopBack now facilitates more than half a million transactions daily for over 20,000 online and in-store partners.
Fresh off its debut in the European market, ShopBack is on the lookout for thrill-seekers to embark on this exhilarating journey to build The World's Most Rewarding Way to Shop. Get ready for the ride of a lifetime: a blend of startup spirit woven into a solid business foundation.
Warning: Not for the faint-hearted. Possible side effects may include spending more on shopping (but don't worry — you earn Cashback).==========
We are seeking a skilled and dedicated Security Engineer to join our team. The Security Engineer will be responsible for ensuring our information systems' integrity, confidentiality, and availability. This role involves designing, implementing, and maintaining security protocols, monitoring potential security breaches, and responding to incidents to protect our organization’s data and infrastructure.

Your Adventure Ahead

• Design and Implementation:
• Review Design and architecture documents and threat model the same along with engineering teams.
• Build and implement proactive security solutions like libraries, SDK, etc to make our systems and services secure-by-default. 
• Develop and implement security policies, protocols, and procedures. 


• Testing and Audit:
• Understand information security concepts & be able to conduct vulnerability assessments and penetration testing on Web, Mobile, Infra, REST APIs.
• Do secure code reviews using tools. Should be able to write custom code review rulesets.
• Build and maintain toolings and processes to support the DevSecOps pipeline.
• Should be able to recommend solutions or compensatory controls to fix security issues or reduce the risk to acceptable extent.
• Develop quick proof of concept to test hypotheses and explain exploits.
• Perform and support audits by providing relevant information and evidence.
• Perform third-party risk assessment when needed.


• Monitoring and Response:
• Monitor and setup alerting on WAF and application and cloud logs. 
• Respond to security incidents, conducting thorough investigations and providing mitigation strategies.
• Develop a working playbook for incident response.


• Collaboration and Training:
• Work with IT and development teams to ensure secure design and deployment of new technologies and systems.
• Provide training and guidance to staff on security best practices.
• Collaborate with external partners and vendors on security matters.


• Documentation and Reporting:
• Maintain detailed documentation of security incidents, solutions, and outcomes.
• Prepare and present security reports to management.
• Stay current with emerging security trends, threats, and technologies, and provide recommendations for improvements.

Essentials to Succeed

• 4+ years of experience in information security or a related role.
• Strong knowledge of security principles, techniques, and technologies.
• Excellent in vulnerability management and reporting.
• Proficiency in scripting and automation (e.g., Python, Bash etc).
• Familiarity with regulatory requirements and standards such as ISO 27001, GDPR, PDPA would be a plus
• Relevant certifications to support your skills would be a plus.
• Excellent problem-solving skills and attention to detail.
• Strong communication skills and ability to work collaboratively.
• Experience working on any cloud technologies and securing the same. (AWS, Azure, GCP).
• Knowledge of DevSecOps practices.
• Knowledge of incident response and forensic analysis.

Exclusively for ShopBackers* Hybrid working and work-from-anywhere benefit* Competitive compensation * Transparent career progression paths and learning opportunities* Candid, open and collaborative culture* Talented and driven teammates across the world* Fun-filled activities and celebrations all year round