Senior Product Security Engineer

A senior product security engineer is a go-to expert in one or more information security disciplines with an expertise wide understanding of security architecture, processes, alignment to stakeholder teams, and accountability for effective measurement of security metrics. S/he should have prior experience in leading and executing large and technically complex security projects and initiatives.
Senior security engineers typically acquire the skills, knowledge, and experience necessary to meet the expectations of this level with at least 5 years of relevant industry experience.

What You Will Do

• Participates in development of a small to medium complexity security project, process, or initiative within their technical focus area (cloud security, identity access management, vulnerability management, penetration testing, etc.)
• Designs, develops and maintains small to medium complexity security features and/or process changes with some guidance from more experienced team members.
• Scope of activities are scoped to functional security assignments from senior team members or manager
• Improves security operations by enhancing use cases, processes, and/or code structure.
• Implements medium complexity security tasks for projects and delivers concise and clear deliverables
• Contributes to automation of repeated manual tasks to improve team productivity
• Manages timely delivery for her own tasks
• Has an in-depth understanding of at least one security domain (application, network, identity access mgmt, vulnerability mgmt, incident response, encryption, remote access etc)
• Takes responsibility for deliverables, production, process improvements
• Reaches out to peers to clarify the requirements for the story s/he is working on
• Looks to leadership for mentorship to help removes the dependency from him/herself by writing concise documentation for security use cases and operational improvements
• Collaborates in security reviews that follow the standards and practices of information security best practices that are recognized by their team members
• Collaborates with senior security engineers to flesh out implementation details
• Internalizes GOJEK values and uses them in day to day interaction as a second nature
• Draws & learns security architecture and technologies
• Exhibits "Communicate with Purpose" in all of their interactions
• Exhibits "Criticism is a Gift" by taking advice constructively and learning to provide quality feedback
• Communicates understanding of the problem and the solution to team members before implementing it
• Exhibits "Shoot for Greatness" by constantly increasing the quality of their deliverables
• Follows interview guidelines and participates in the interview process by pairing with senior team members
• Fully accepts criticism as a gift and uses it to constantly improve

What You Will Need

• A strong acumen and understanding of tech architecture for cloud native and microservices based web and mobile applications besides API contracts
• Independently driving security posture enhancement projects like automation, threat modelling, ‘security-as-code’, application security validation/testing/ QA integration and vulnerability/bug remediation through calibration and filtering false positives
• Experience in using manual and automated scanners like Nessus, Nexpose, Qualysguard, nmap. OpenVAS, Nexpose besides PT kits like Kali Linux, Metasploit etc. Mandatory certification CISSP, OSCP, CEH
• Bonus points if: Desirable certifications like CSSLP, LPT, SANS-GPEN, SABSA

About Us
Gojek is a Super App. It’s one app for ordering food, commuting, digital payments, shopping, hyper-local delivery, and dozen other products. It is Indonesia’s first and only decacorn. It's also the only Southeast Asian startup to be part of Fortune's list of 'Companies That Changed The World.'
Our Mission: To create and scale positive socio-economic impact for our customers, driver-partners, business and MSMEs.
As of 2018, Gojek processed more than $9 billion annualised gross transaction value across all markets where it operates - in Singapore, Thailand, Vietnam and Indonesia. We have the largest food delivery product in Asia, (outside of China), and the largest payments wallet in Southeast Asia.
Our investors include Google, Facebook, PayPal, Sequoia Capital, Tencent Holdings among others.
Gojek is committed to building a diverse and inclusive workplace and is an equal opportunity employer. We do not discriminate on the basis of race, religion, national origin, gender, gender identity, sexual orientation, disability, age, education status, or any other legally protected status.