Charmaine is a Marketing graduate from the Singapore University of Social Sciences who is passionate about the dynamic and ever-changing media industry. Having dipped her toes in creative advertising, market research and video production, Charmaine is currently part of the Employer Branding & Rec...
Grab is one of Southeast Asia’s leading superapps, providing everyday services such as mobility, deliveries (food, packages, groceries), mobile payments and financial services to millions of Southeast Asians.
Grab aims to use technology to empower its communities and elevate the quality of life for everyone.
1. Trust that you will have a safe ride
Travel with confidence knowing that Grab’s top priority is your safety. From driver safety training and vehicle safety checks, to personal accident insurance coverage for all our drivers and passengers and government partnerships to promote safety, you know we have your back.
2. Take the transport option that fits your need
We put freedom in your hands. The most transport options, at every price point, with comfort, speed and affordability – you can have it all at the touch of a button.
3. Let us take care of you
We believe that a sustainable business is one that improves the lives of the people it touches – passengers, drivers, employees, governments and society at large.
Life at Grab is all about positive disruption – and yes, crazy days are part of that package too. Still, that’s never stopped a Grabber from having fun. In fact, it’s what keeps us motivated to shake things up further.
Life as a Grabber means succeeding in a culture of passion and innovation. We are hungry to make a difference, and recognise that good decisions often come from the heart. We are humbled by our communities, and are proud to serve them with honour. We come from all over the world, united by a common goal to make life better every day for our users.
If you share our mission of Driving Southeast Asia Forward, apply to be part of the team today!
Get to know our Team:
Grab’s AppSec security engineering team is part of the cybersecurity team at Grab, and we focus on the problem of keeping our systems/apps/services safe and protecting our customers while adapting to the high-speed growth of our business and our enormous scale.
We are the team focusing on keeping interactions on our platform as simplified as possible using advanced engineering to detect, mitigate, and remediate vulnerabilities and security flaws in Grab.
Get to know the Role:
We are looking for an outstanding Security Engineer who will be performing system architecture review, code review, training of staff, and organising penetration testing and possible red teaming for Grab applications and services.
The job might also involve incident prevention and response. It includes individual work as well as teamwork, and the applicant should feel comfortable with both.
The ability to perform systems security or vulnerability analysis and design is a must.
Demonstration of excellent communication skills, creative problem solving, and strong passion is a must.
Must be a team player with proven success in achieving aggressive deadlines.
The day-to-day activities:
• Identification and remediation of high priority [web] application/environment security issues, including:
  • Screening potential issues
  • Providing remediation guidance
  • Conducting validations of potential fixes or mitigations
  • Providing risk and impact assessments of vulnerabilities or proposed mitigations
• Supporting other 24/7 Cyber Security teams with application security expertise
• Managing Grab’s Bug Bounty Program on HackerOne
• Triaging security issues reported through Grab’s Bug Bounty Program
• Following up with the relevant development teams for fixes
• Following up with and helping the Incident Response team with the investigation
• Conducting security architecture review of the full stack including applications built on cloud and emerging technologies
• Conducting manual application security testing and source code auditing for a variety of technologies
• Providing clear and detailed risk assessment and remediation guidelines for developers and business owners
• Conducting penetration testing targeting critical Application data, services, and environments; reporting underlying security issues and proposing improved security protections
• Security research on the latest standard methodologies, trends, threats, and vulnerabilities, and technology frameworks
• Documenting and disseminating security guidelines for common security issues, remediation mentorship, and security technology baselines
• Developing tools and exploits to support application security review and/or penetration testing
There may be occasional travel to meet other team members in other regions.
• Technical ability: Ability to develop technical solutions and use existing tools to help discover and mitigate security vulnerabilities. Ability to code/script in at least one programming language like Python, Java, GoLang, C++. Excellent knowledge of pen-testing tools and procedures for Web/Mobile.
• Flair for automation: Should be passionate about automating security testing and penetration testing using tools and code
• Architecture skills: Passion for system architecture with a primary focus on security aspects
• Security knowledge: Fundamental understanding of security best practices. Review security vulnerabilities and determine what modifications are needed to minimize risk to the organisation via enhancements to the existing environment.
• Communication: Excellent ability to communicate technical solutions. Assist in developing test plans, test the products, make recommendations, and assist in developing the architecture and implementation plan for approved solutions.
• Teamwork and advocacy: Fostering a culture of security consciousness across various teams.
• Data-Driven: Develop and maintain a comprehensive set of security benchmarks and guidelines that are readily adoptable by the system and network administrators and software engineers.
• Fundamental understanding of Security practices.
Nice to Have:
• Experienced in vulnerability management, patching automation and understanding of VA/PT techniques
• Knowledge of information security standards like OSCP/OSCE/CREST will be an added advantage