Security Engineer - Merchant Payment
Jakarta
Applications have closed
Gojek
Gojek is Southeast Asia’s leading on-demand platform and a pioneer of the multi-service ecosystem model, providing access to a wide range of services including transportation, food delivery, logistics and more.A Security Engineer is a go-to expert in one or more information security disciplines with an expertise wide understanding of security architecture, processes, alignment to stakeholder teams, and accountability for effective measurement of security metrics. H/she should have prior experience in leading and executing large and technically complex security projects and initiatives.
Security Engineers typically acquire the skills, knowledge, and experience necessary to meet the expectations of this level with 3-6 years of relevant industry experience. This would be a role within Merchant Payment Security Engineering and as a first line engineer, this will be mostly to perform manual and automated code and infrastructure reviews, software security testing and vulnerability assessments for cloud based tech stack, leading a creation of technical documentation and scripting for automating DevSecOps, besides independently handling product security reviews.
What you will do
- Participates in development of a small to medium complexity security project, process, or initiative within their technical focus area (cloud security, identity access management, vulnerability management, penetration testing, etc.)
- Designs, develops and maintains small to medium complexity security features and/or process changes with some guidance from more experienced team members
- Scope of activities are scoped to functional security assignments from senior team members or managerImproves security operations by enhancing use cases, processes, and/or code structure
- Implements medium complexity security tasks for projects and delivers concise and clear deliverablesContributes to automation of repeated manual tasks to improve team productivity
- Manages timely delivery for him/herself own tasksHas an in-depth understanding of at least one security domain (application, network, identity access mgmt, vulnerability mgmt, incident response, encryption, remote access etc)
- Takes responsibility for deliverables, production, process improvements
- Looks to leadership for mentorship to help removes dependency from him/herself by writing concise documentation for security use cases and operational improvements
- Collaborates in security reviews that follow the standards and practices of information security best practices that are recognized by their team members
What you will need
- Good communication skills in English and Bahasa indonesia also should have the attitude for solving problems from scratch
- Awareness of critical concepts in DevSecOps and Agile principles
- A strong acumen and understanding of tech architecture for cloud native and microservices based web and mobile applications besides API contracts
- Independently driving security posture enhancement projects like automation, threat modelling, ‘security-as-code’, application security validation/testing/ QA integration and vulnerability/bug remediation through calibration and filtering false positives
- Experience in using manual and automated scanners like Nessus, Nexpose, Qualysguard, nmap. OpenVAS, Nexpose besides PT kits like Kali Linux, Metasploit etc.
- Excellent knowledge of at least 1 programming language to help with daily use work, Python/GoLang preferred.
- Knowledge of microservice application architecture and Cloud security include cloud native tech like K8s, Dockers, etcUsage of automation development tools like CI/CD, Chef, etc.
- The habit of developing tools over using existing ones, also mandatory have certification CISSP, OSCP, CEH
The Security engineering team in Merchant Payment is responsible for driving security and privacy by design within the product lifecycle and engineering processes besides continuously researching and responding to evolving threats which could impact merchant payment product’s viability to service its customers and remain compliant to the local laws and regulations as amicable.
About Us
Gojek is a Super App. It’s one app for ordering food, commuting, digital payments, shopping, hyper-local delivery, and dozen other products. It is Indonesia’s first and only decacorn. It's also the only Southeast Asian startup to be part of Fortune's list of 'Companies That Changed The World.'
Our Mission: To create and scale positive socio-economic impact for our customers, driver-partners, business and MSMEs.
As of 2021, Gojek processed more than $9 billion annualised gross transaction value across all markets where it operates - in Singapore, Thailand, Vietnam and Indonesia. We have the largest food delivery product in Asia, (outside of China), and the largest payments wallet in Southeast Asia.
Our investors include Google, Facebook, PayPal, Sequoia Capital, Tencent Holdings among others.
Gojek is committed to building a diverse and inclusive workplace and is an equal opportunity employer. We do not discriminate on the basis of race, religion, national origin, gender, gender identity, sexual orientation, disability, age, education status, or any other legally protected status.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile APIs Application security Automation CEH CI/CD CISSP Cloud DevSecOps Encryption Golang Incident response Kali Linux Metasploit Microservices Nessus Nmap OpenVAS OSCP Pentesting Privacy Product security Python Scripting Vulnerability management
Perks/benefits: Startup environment Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open CI/CD-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs