Security Engineer 1

Bengaluru, India

Applications have closed

Carousell Group

View company page

Company Description

Carousell Group is the leading multi-category platform for secondhand in Greater Southeast Asia on a mission to inspire the world to start selling, and to make secondhand the first choice. Founded in August 2012 in Singapore, the Group has a leading presence in seven markets under the brands Carousell, Cho Tot, Laku6,, OneShift, Ox Luxe, Ox Street, and Refash, serving tens of millions of monthly active users. Carousell is backed by leading investors including Telenor Group, Rakuten Ventures, Naver, STIC Investments and Sequoia Capital India.

Laku6 is the leading AI-first end-to-end Electronics Recommerce platform in Indonesia where our technology has helped over 500,000 users sell their gadgets directly for cash or via Trade-In with leading eCommerce Partners and in over 1,000 offline retail shops. We believe that making it easier for sellers to sell and safer for buyers to buy used-electronics and smartphones is a critical step to achieving that. 

In July 2022, we became a part of Carousell Group, via one of the largest capital investments to-date into the region's Electronics Recommerce space.

Laku6's technology integrated with Carousell's regional platform of tens of millions of users will make buying and selling used electronics more accessible than ever before for millions of users; this will extend the life-cycle of electronics goods and slow down the growth of e-waste.

Job Description

What will you be doing?

  • Perform security reviews/threat modelling to steer projects in the right direction early, participate in security code reviews, and perform penetration testing against products prior to shipping.

  • Promote the adoption of secure coding practices and provide comprehensive training to engineering teams.

  • Develop, document, and maintain security and compliance capabilities in support of DevOps processes.

  • Expertise finding and fixing common security vulnerabilities (e.g., OWASP Top 10)

  • Performing technical security assessments on our web applications, native clients, internal services


What do you need for the role?

  • 1- 3 years of demonstrated experience in CyberSecurity, preferred to be in Software/E-commerce companies

  • Hands-on experience in implementing and operating modern SDLC stack tooling (SAST/SCA/DAST/IAST).

  • Programming skills in at least one: Go, Java, Python, NodeJS, etc.


Preferred qualifications:

  • Production experience in security testing of web applications and native apps

  • Strong understanding of web application architecture and design principles

  • Background in software engineering in a collaborative and dynamic environment

Additional Information

By proceeding with your application, you are adhering to our PDPA policies. In case you are interested to know more, read about our Candidates Personal Data Privacy Statement

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Compliance DAST DevOps E-commerce Ecommerce IAST Java Node.js OWASP Pentesting Privacy Python SAST SDLC Security assessment Vulnerabilities

Perks/benefits: Career development Startup environment

Region: Asia/Pacific
Country: India
Job stats:  18  5  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.