Senior Security Engineer, Application Security

:

Life at Grab

At Grab, every Grabber is guided by The Grab Way, which spells out our mission, how we believe we can achieve it, and our operating principles - the 4Hs: Heart, Hunger, Honour and Humility. These principles guide and help us make decisions as we work to create economic empowerment for the people of Southeast Asia.

Get to Know the Team

The Grab’s Application Security team is part of the Cyber Security team at Grab, and we focus on keeping our application and data safe while adapting to the high-speed growth of our business.

We are the team who focus on exploring and using advanced techniques to detect, mitigate, and remediate vulnerabilities and security flaws in Grab. If you are looking for an environment where you could continuously learn and grow, then you should join our team!

Get to Know the Role

We are looking for someone who is passionate about exploring new technologies (i.e. LLM) and methodologies to elevate and participate in redefining a new generation of Application Security function.

This role will report into the Application Security function; working alongside other security engineers who are responsible for Application Security of apps and services in the areas of threat modeling, specification reviews, code reviews, and penetration testing. We believe a successful candidate is a team player, who has excellent communication skills, creative problem solving ability, and a strong passion in cybersecurity, but if you believe you have what it takes then we’d love to hear from you either way. This role is required because we care about our Grab’s mission and we would like someone who is outstanding to perform code review and organize penetration testing and possible red teaming for various systems at Grab.

The Day-to-Day Activities:

• Follow-up and help Cyber incident response team with the investigation
• Develop tools and exploits to support application security review and/or penetration testing
• Providing remediation guidance to issue owners Conducting validations of potential fixes or mitigations
• Participate in Grab’s Bug Bounty Program on HackerOne Triage security issues reported from Grab’s Bug bounty program
• Identify and drive remediation of high-priority Web/Mobile application/environment security issues, including: Screening potential issues
• Document and disseminate security guidelines for common security issues, remediation mentorship, and security technology baselines
• Conduct application security testing and source code auditing for a variety of technologies
• Follow-up with the relevant development teams for fixes.
• Support other Cyber Security teams with application security expertise
• Research on the latest cybersecurity standard methodologies, trends, threats, and vulnerabilities, and technology frameworks
• Provide clear and detailed risk assessment and remediation guidelines for developers and business owners
• Providing risk and impact assessments of vulnerabilities or proposed mitigations
• Conduct penetration testing targeting critical Application data, services, and environments; reporting underlying security issues and proposing improved security protections

The Must-Haves:

• Strong understanding of defense in-depth methodologies.
• 7+ years of security industry experience utilizing web/mobile application security and knowledge of the security / threat landscape.
• Fundamental understanding of security best practices. Review security vulnerabilities and determine what modifications are needed to minimize risk to the organization via enhancements to the existing environment.
• Passionate about automating security testing and penetration testing using tools and code
• Excellent ability to communicate technical solutions. Assist in developing test plans, test the products, make recommendations, and assist in developing the architecture and implementation plan for approved solutions.
• Teamwork and advocacy: Fostering a culture of cybersecurity across various teams.
• Strong, proven track record of delivering results in fast-paced, resource-scarce environments
• Ability to develop technical solutions and use existing tools to help discover and mitigate security vulnerabilities. Ability to code/script in at least one programming language like Python, Java, GoLang, C++.
• Working experience with cloud technologies such as AWS, Google Cloud, Ali, and Azure.
• You have Heart, Hunger, Honour and Humility
• Excellent knowledge of pen-testing tools and procedures for Web/Mobile.

The Nice-to-Haves:

• Experienced in vulnerability management, patching automation, and understanding of VA/PT techniques
• Cyber Security certifications like OSCP/OSCE/CREST will be an added advantage

Our Commitment

We are committed to building diverse teams and creating an inclusive workplace that enables all Grabbers to perform at their best, regardless of nationality, ethnicity, religion, age, gender identity or sexual orientation and other attributes that make each Grabber unique.