About the Role They say no man is an island, and this holds true here at Gojek. As our product security engineer, you’ll be part of the Product Security team that directly impacts Gojek’s GoPay. Your main objective will be to oversee the entire lifecycle of security projects. Best yet, you’ll have the opportunity to flex your skills to do security design, development, testing, deployment, implementation and operations- getting us even closer to our ultimate goal of having highly a secured product. What You Will Do Responsible for the entire lifecycle of security projects or features including security design, development, testing, deployment, implementation and operations Provide technical solution for IT operation and software development team to design a secure application & infrastructure environment, perform penetration testing on application, and maintain the application and infrastructure to fulfill the security best practices Design, develop and maintain small to medium complexity security features and/or process changes with some guidance from more experienced team members Handle and report security incidents and/or findings and communicate to respective stakeholders Contribute to automation of security testing based on part of secure SDLC Concise documentation for security use cases and operational improvements Collaborate in security reviews that follow the standards and practices of information security best practices that are recognized by their team member Maintain up-to-date information on newest security vulnerability and document plan on mitigation process What You Will Need In-depth knowledge of several security domains (Vulnerability Management, Penetration Testing, Identity Access Management, DevSecOps, Incident Response, Mobile App Security, Cloud Security, Zero Trust, etc) Strong acumen and knowledge in tech architecture for cloud native and microservices based web and mobile applications Detailed working knowledge of low-level network protocols (e.g. HTTP, IPv4, TCP, UDP, ICMP, Ethernet, and 802.11), Penetration Testing, Linux/Unix system, Orchestration (Docker, Kubernetes), and Cloud Provider (GCP, AWS) Strong experience in penetration testing, security project management, documentation, disciplined, and great attention to detail Detailed working knowledge of programming skills for IT security automation, such as python, rails, bash scripting. Preferable to hold IT Security certifications such as OSCP, eWPTx, CISSP, CCSP Demonstrated good communication, speak and write in English with business-level fluency About the Team Working alongside the devops and the IT GRC team, we are mutually concerned with cyber threats. The gist of our role is to ensure the security and privacy within the product lifecycle of GoPay, including the engineering processes. For instance, should you have a question about how to protect our product's viability to service its customers, we are your people! And of course, our team has been busy continuously researching and responding to evolving threats as well as how to and remain compliant to the local laws and regulations as amicable.We are a tight-knit group made up of avid gamers and coffee connoisseurs. We work hard and play hard, and believe it or not, we actually enjoy each other’s company! About Us Gojek is a Super App. It’s one app for ordering food, commuting, digital payments, shopping, hyper-local delivery, and dozen other products. It is Indonesia’s first and only decacorn. It's also the only Southeast Asian startup to be part of Fortune's list of 'Companies That Changed The World.' Our Mission: To create and scale positive socio-economic impact for our customers, driver-partners, business and MSMEs.As of 2018, Gojek processed more than $9 billion annualised gross transaction value across all markets where it operates - in Singapore, Thailand, Vietnam and Indonesia. We have the largest food delivery product in Asia, (outside of China), and the largest payments wallet in Southeast Asia.Our investors include Google, Facebook, PayPal, Sequoia Capital, Tencent Holdings among others.Gojek is committed to building a diverse and inclusive workplace and is an equal opportunity employer. We do not discriminate on the basis of race, religion, national origin, gender, gender identity, sexual orientation, disability, age, education status, or any other legally protected status.
