Security Engineer

Kuala Lumpur, Malaysia

Applications have closed

Company Description

Carousell Group is the leading multi-category platform for secondhand in Greater Southeast Asia on a mission to inspire the world to start selling, and to make secondhand the first choice. Founded in August 2012 in Singapore, the Group has a leading presence in seven markets under the brands Carousell, Cho Tot, Laku6, Mudah.my, OneShift, Ox Luxe, Ox Street, and Refash, serving tens of millions of monthly active users. Carousell is backed by leading investors including Telenor Group, Rakuten Ventures, Naver, STIC Investments and Sequoia Capital India. 

As a team of passionate individuals working together to solve meaningful problems, there is so much more for you to discover in a career with Carousell. Our culture is made up of hiring, developing, and promoting people who embody our values of HEART, which is an acronym for Humility, Empathy, Accountability, Relentlessly resourceful and Teamwork. Together as an organisation, we make magic happen.

About Mudah

Mudah.my Sdn. Bhd is Malaysia’s largest digital platform for selling and finding almost anything - from Cars to Cameras, Properties to Pets, Mobile phones to Motorcycles, Treadmills to Textbooks, Bicycles to Beds, Guitars to Golf sets, Plants to Printers, Watches to Washing machines, Tyres to Tablets, Dresses to Drums, Shoes to Shops, Collectibles to Computers, Jobs and more – Semua Pun Mudah! Mudah’s mission is to democratize commerce by empowering everyone, especially individuals and budding entrepreneurs, with a platform of equal opportunity.

    Job Description

    You Will:

    • Perform penetration testing, develop tools to automate it and enable more efficient discovery and resolution of security problems.

    • Supporting the incident response whenever application security expertise is required.

    • Respond to web security incidents and help evolve online security operations/procedures.

    • Identify security gaps and collaborate with product teams on improved hardening opportunities.

    • Perform architecture reviews to steer projects in the right direction early, participate in security code reviews, and perform penetration testing against products prior to shipping.

    • Develop secure coding practices and train engineering teams.

    • Periodically reviewing existing security policies, network topologies, and configurations to identify any opportunities to improve the network's overall security posture.

    Qualifications

    You Have: 

    • 4+ years of demonstrated experience in Cyber Security.

    • Experience working with incident response.

    • Experience in implementing and operating modern SDLC stack tooling (SAST/SCA/DAST/IAST).

    • Programming skills in at least one is a must: Python, Go, Java, etc.

    • Knowledge in cloud environments (GCP/AWS).

    Additional Information

    Good to Have:

    • Production experience in implementing Security practices and Zero Trust.

    • Strong understanding of web application architecture and design principles.

    • Background in software engineering in a collaborative and dynamic environment.

    • OSCP certification.

    • User obsession and empathy.

    • Focus on impact and results. You work on the right things and get them done.

    • Drive and resourcefulness to persevere and overcome obstacles achieving challenging goals.

    • High integrity and ability to positively collaborate with others.

    • Ability to speak and write succinctly and clearly in English.

    By proceeding with your application, you are adhering to our PDPA policies. In case you are interested to know more, read about our Candidates Personal Data Privacy Statement

    * Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

    Tags: Application security AWS Cloud DAST GCP IAST Incident response Java OSCP Pentesting Privacy Python SAST SDLC Zero Trust

    Perks/benefits: Startup environment

    Region: Asia/Pacific
    Country: Malaysia
    Job stats:  7  0  0

    More jobs like this

    Explore more InfoSec / Cybersecurity career opportunities

    Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.