Senior Devsecops Engineer

Company Description

Life at Grab

At Grab, every Grabber is guided by The Grab Way, which spells out our mission, how we believe we can achieve it, and our operating principles - the 4Hs: Heart, Hunger, Honour and Humility. These principles guide and help us make decisions as we work to create economic empowerment for the people of Southeast Asia.

Job Description

Get to know the team 

The DevSecOps team at Grab is dedicated to integrating security practices into our development and operations processes. With a focus on ensuring the security and reliability of our services, we strive to stay ahead of emerging threats and protect our users' data.

Get to know the role 

We are seeking a talented and experienced Senior DevSecOps Engineer to join our dynamic team. The ideal candidate will possess a strong background in DevSecOps tools, application security and automation. As a Senior DevSecOps Engineer, you will play a crucial role in architecting and implementing secure DevOps practices across our organization.

Responsibilities:

• Implement and maintain DevSecOps tools such as Static Security Testing, Dynamic security Testing, Dependency scanning solutions and Supply Chain Security.
• Develop and automate security processes using Python and Go Lang to enhance efficiency and scalability.
• Collaborate with cross-functional teams to integrate security into the software development lifecycle (SDLC) and CI/CD pipelines.
• Provide expertise and guidance on application security best practices and assist in the implementation of secure coding standards.
• Conduct security assessments, vulnerability scanning, and penetration testing to identify and remediate security vulnerabilities.
• Stay abreast of emerging security threats, industry trends, and best practices in DevSecOps.

Qualifications

The Must-Haves:

• Proven experience in DevSecOps practices, including the implementation and management of DevSecOps tools such as GIT, SAST, DAST, Secret Scanning, and dependency scanning solutions.
• In-depth knowledge of application security principles, common vulnerabilities, and secure coding practices. Excellent knowledge of pen-testing tools and procedures for Web/Mobile.
• Strong programming skills in one of the languages (preferably GoLang or Python)
• Experience with containerization technologies (e.g., Docker, Kubernetes) and cloud platforms (e.g., AWS, Azure, GCP).
• Excellent communication and collaboration skills with the ability to work effectively in a fast-paced, team-oriented environment.
   

The Nice-to-Haves:

• Bachelor's degree in Computer Science, Information Technology, or related field.
• 7+ years of security industry experience utilizing web/mobile application security and knowledge of the security / threat landscape.
• Experienced in vulnerability management, patching automation, and understanding of VA/PT techniques
• Demonstrated proficiency in setting up and managing CI/CD pipelines, particularly in platforms such as GitLab and Jenkins.
• Extensive experience in safeguarding software supply chains, ensuring the integrity and security of dependencies and components throughout the development lifecycle. 
• Cyber Security certifications like OSCP/OSCE/CREST/CDE will be an added advantage

Additional Information

Our Commitment

We recognize that with these individual attributes come different workplace challenges, and we will work with Grabbers to address them in our journey towards creating inclusion at Grab for all Grabbers.