Senior Staff Information Security Engineer
Bengaluru
Applications have closed
Gojek
Gojek is Southeast Asia’s leading on-demand platform and a pioneer of the multi-service ecosystem model, providing access to a wide range of services including transportation, food delivery, logistics and more.Fasten your helmet and climb on board if you’re ready to be our next Senior Staff Information Security Engineer. In this role, you will be the go-to expert in one or more information security disciplines with the expertise and wide understanding of security architecture, processes, alignment to stakeholder teams, and accountability for effective measurement of security metrics. You will be leading and executing large and technically complex security projects and initiatives and readily lead delivery teams of 4-6 security engineers. We, at Gojek, believe that Security is EVERYONE's responsibility and you will be holding the reigns to promote and lead "Security by Design" principles at Gojek.
What You Will Do
- Participate in the development of a small to medium complexity security project, process, or initiative within your technical focus area (i.e. cloud security, identity access management, vulnerability management, penetration testing)
- Design, develop, and maintain small to medium complexity security features and/or process changes with some guidance from more experienced team members
- Scope activities from functional security assignments from senior team members or manager
- Improve security operations by enhancing use cases, processes, and/or code structure
- Implement medium complexity security tasks for projects and delivers concise and clear deliverables
- Contribute to automation of repeated manual tasks to improve team productivity
- Collaborate in security reviews that follow the standards and practices of information security best practices recognized by your team members
What You Will Need
- At least 8 years of relevant industry experience
- Strong acumen and understanding of tech architecture for cloud-native and microservices based web and mobile applications
- Ability to drive security automation and DevSecOps within engineering life cycle, as well as vulnerability/bug remediation through calibration and filtering false positives
- Experience in using manual and automated scanners like Nessus, Nexpose, Qualysguard, nmap, OpenVAS, Nexpose, and PT kits like Kali Linux, Metasploit
- In-depth understanding of at least 3 security domains: application, network, identity access management, vulnerability management, incident response, encryption, remote access
- Mandatory certification CISSP / OSCP / CEH
- Desirable certifications: CSSLP, LPT, SANS-GPEN, SABSA
Gojek's Information Security team is a group of 70+ security engineers based primarily out of Bengaluru, Singapore, and Indonesia. The Product Security team, a sub-pod of the InfoSec team at Gojek, helps ensure that all applications, products, services, and platforms are being developed with adequate control measures to avoid security breaches, fraud, or abuse. To achieve this, we closely work with our product engineers and build secure software deployed within our cloud infrastructure. Additionally, we run the Gojek bug bounty programs and provide product security incident response capabilities.
Our mission is to enable Gojek engineering teams to build secure software while providing them the appropriate security context to make decisions and ultimately make Gojek the most trusted and safest platform to transact, eat, travel, and have fun 😊
As a team, we are concerned with the growth and safety of the company, and each other's personal growth and well being too. With WFH becoming more normalized, you best believe we have been sharing our favorite ways to prioritize a healthy work-life balance at home. Along with our desire to utilize smart technology and innovative engineering strategies to make people's lives easier, our team also bonds over our shared love for tea, and the latest movies & TV shows.
About Us
Gojek is a Super App. It’s one app for ordering food, commuting, digital payments, shopping, hyper-local delivery, and dozen other products. It is Indonesia’s first and only decacorn. It's also the only Southeast Asian startup to be part of Fortune's list of 'Companies That Changed The World.'
Our Mission: To create and scale positive socio-economic impact for our customers, driver-partners, business and MSMEs.
As of 2018, Gojek processed more than $9 billion annualised gross transaction value across all markets where it operates - in Singapore, Thailand, Vietnam and Indonesia. We have the largest food delivery product in Asia, (outside of China), and the largest payments wallet in Southeast Asia.
Our investors include Google, Facebook, PayPal, Sequoia Capital, Tencent Holdings among others.
Gojek is committed to building a diverse and inclusive workplace and is an equal opportunity employer. We do not discriminate on the basis of race, religion, national origin, gender, gender identity, sexual orientation, disability, age, education status, or any other legally protected status.
Tags: Automation CEH CISSP Cloud DevSecOps Encryption GPEN Incident response Kali Linux Metasploit Microservices Nessus Nmap OpenVAS OSCP Pentesting Product security SANS Vulnerability management
Perks/benefits: Career development Startup environment Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open DevSecOps-related jobs
- Open CI/CD-related jobs