Product Security Engineer, Merchant Platform

About the Role
If you’re looking to be a part of a dynamic, highly-analytical team and an opportunity to dive deep into projects surrounding Product Security, look no further. As our Product Security Engineer for Merchant Platform, you’ll take the wheel in building and maintaining our product security program and. Along with conducting product security, you will be in charge of ensuring security best practices implementation within the Merchant Platform product and infrastructure. Working closely with data and engineering, you will get to provide a secure platform for our merchants, partners, and consumers. The cherry on top: you’ll get to be a part of a team that works to provide the best protection by having a high standard of information security

What You Will Do

• Independently responsible for the entire lifecycle of security projects or features including security design, development, testing, deployment, implementation and operations
• Provide technical solution for IT operation and software development team to design a secure application & infrastructure environment, perform penetration testing on application, and maintain the application and infrastructure to fulfill the security best practices
• Designs, develops and maintains small to medium complexity security features and/or process changes with some guidance from more experienced team members.
• Handle and report security incidents and/or findings and communicate to respective stakeholders
• Contribute to automation of security testing based on part of secure SDLC
• Concise documentation for security use cases and operational improvements
• Collaborates in security reviews that follow the standards and practices of information security best practices that are recognized by their team member
• Maintain an up to date information on newest security vulnerability and document plan on mitigation process

What You Will Need

• Have an in-depth knowledge on Mobile and Web App Security, Vulnerability Management and Penetration Testing
• Preferable to have knowledge on other cyber security domains such as Identity Access Management, DevSecOps, Incident Response, Cloud Security, Zero Trust, etc
• Strong acumen and understanding of tech architecture for cloud native and microservices based web and mobile applications.
• Detailed working knowledge of low-level network protocols (e.g. HTTP, IPv4, TCP, UDP, ICMP, Ethernet, and 802.11),  Penetration Testing, Linux/Unix system, Orchestration (Docker, Kubernetes), and Cloud Security
• Strong experience in penetration testing, documentation, and great attention to detail.
• Detailed working knowledge of programming skills for IT security automation, such as python, PHP, or bash scripting.
• Preferable to hold IT Security certifications such as OSCP, eWPT, CCSP, or similar certification.
• Demonstrated good communication,  interpersonal skills, and Speak and write in English with business-level fluency

About the Team
The Product Security team in Merchant Platform is responsible for driving security and privacy by design within the product lifecycle and engineering processes besides continuously researching and responding to evolving threats which could impact Merchant Platform product’s viability to service its customers and merchants and remain compliant to the local laws and regulations as amicable. 
We are a small team of 13 people based in Jakarta. The great thing about having a small team is that we've all naturally grown very close, both professionally and personally, and really rely on each other to get the job done. Since we started WFH, our team has had a bi-weekly "fun hour" on Thursdays via Zoom. We use the time to share knowledge, update each other on our lives, sometimes work on a joint side project for research and learning, or simply play online games together!

About Us
Gojek is a Super App. It’s one app for ordering food, commuting, digital payments, shopping, hyper-local delivery, and dozen other products. It is Indonesia’s first and only decacorn. It's also the only Southeast Asian startup to be part of Fortune's list of 'Companies That Changed The World.'
Our Mission: To create and scale positive socio-economic impact for our customers, driver-partners, business and MSMEs.
As of 2018, Gojek processed more than $9 billion annualised gross transaction value across all markets where it operates - in Singapore, Thailand, Vietnam and Indonesia. We have the largest food delivery product in Asia, (outside of China), and the largest payments wallet in Southeast Asia.
Our investors include Google, Facebook, PayPal, Sequoia Capital, Tencent Holdings among others.
Gojek is committed to building a diverse and inclusive workplace and is an equal opportunity employer. We do not discriminate on the basis of race, religion, national origin, gender, gender identity, sexual orientation, disability, age, education status, or any other legally protected status.