Senior Information Security Associate


Gojek logo
Apply now Apply later

Posted 4 weeks ago

About the role:
As an Information Security Engineer, we are looking for someone who can plan and execute his/her position and responsibilities with guidance from their manager. Senior Security Associates typically acquire the skills, knowledge, and experience necessary to meet the expectations of this level with 2-4 years of relevant industry experience.
This would be a role within Gojek Product Security and as a second-line engineer, this will be mostly to perform manual and automated code reviews, software security testing, and vulnerability assessments for cloud-based tech stack, assist in technical documentation and scripting for automating DevSecOps, besides independently handling product security reviews.

What you’ll do / Responsibilities:

  • Research and report on information security topics in support of security projects and initiatives
  • Participate in InfoSec meetings under direct supervision
  • Assist senior staff members with security tasks including simple operations and projects
  • Execute and complete basic security tasks
  • Contribute and document security use cases under guidance of senior team members
  • Compile security reports, gather user and system data related to policies and initiatives
  • Learn and operate security tools and perform entry level security operational tasks

What you’ll need / Requirements:

  • At least 2+ yrs of relevant industry experience
  • Software programming skills in and microservices application architecture
  • Thorough understanding of OWASP Top 10 for Web, Mobile and APIs
  • Cloud security basics include cloud native tech like K8s, Dockers, etc
  • Usage of Pentest and VA tools like Nessus, Metasploit, Nexpose, nmap, OpenVAS, etc
  • Usage of SAST an DAST tools like OWASP ZAP, BurpSuite etc

About the team: The Product Security team in Gojek is responsible for driving security and privacy by design within the product lifecycle and engineering processes. We also focus on continuously researching and responding to evolving threats that could impact Gojek product’s viability to service its customers and remain compliant to the local laws and regulations as amicable.
About Us
Gojek is a Super App. It’s one app for ordering food, commuting, digital payments, shopping, hyper-local delivery, and dozen other products. It is Indonesia’s first and only decacorn. It's also the only Southeast Asian startup to be part of Fortune's list of 'Companies That Changed The World.'
Our Mission: To create and scale positive socio-economic impact for our customers, driver-partners, business and MSMEs.
As of 2018, Gojek processed more than $9 billion annualised gross transaction value across all markets where it operates - in Singapore, Thailand, Vietnam and Indonesia. We have the largest food delivery product in Asia, (outside of China), and the largest payments wallet in Southeast Asia.
Our investors include Google, Facebook, PayPal, Sequoia Capital, Tencent Holdings among others.
Gojek is committed to building a diverse and inclusive workplace and is an equal opportunity employer. We do not discriminate on the basis of race, religion, national origin, gender, gender identity, sexual orientation, disability, age, education status, or any other legally protected status.
Job tags: Architecture BurpSuite Google Metasploit Nmap