Product Security Engineer

Funding Societies | Modalku is the largest SME digital financing platform in Southeast Asia. We are licensed in Singapore, Indonesia, Thailand, and registered in Malaysia and operates in Vietnam. We are backed by Sequoia India and Softbank Ventures Asia Corp amongst many others and provides business financing to small and medium-sized enterprises (SMEs), which is crowdfunded by individual and institutional investors.
And here at Funding Societies | Modalku we live by our core values:

• Serve with Obsession: Build win-win relationships for the long-term by having a customer obsession.
• Grow Relentlessly: Strive to become our best, most authentic selves.
• Enable Teamwork, Disable Politics: Only by forging togetherness, we help each other succeed.
• Test Measure Act: Stay curious and reinvent ourselves, through innovation and experimentation.
• Focus on Impact: Create impact through bias for action and tangible results.
  

As a Product Security Engineer, you will mainly be responsible for securing our software products. You will also be responsible for raising security awareness in our organization. You will work with multiple stakeholders throughout the Software Development Life Cycle to identify security threats early and develop solutions to mitigate them. You will also work with external security vendors and researchers in various security programs.

Requirements

What you will do:

• Conduct design, architecture, and code review.
• Conduct vulnerability assessment, and penetration testing.
• Triage Bug Bounty reports and suggest appropriate secure recommendations to developers.
• Manage security bugs, including working with the relevant stakeholders to get the security bugs fixed according to the service level agreement.
• Raise security awareness, primarily in Engineering teams, by conducting security training and discussions.
• Develop security tools, including monitoring tools, and build custom integration with various third-party security tools.

What we are looking for:

• At least 2+ years of experience in application security.
• Experience in DevSecOps practices.
• A degree in Computer Science, Software Engineering, Information System, or related fields.
• Extensive experience in Product Security.
• Extensive experience in vulnerability assessment, and penetration testing.
• Good security knowledge, preferably in web and mobile security.
• Good understanding about software design and architecture.
• Good understanding about programming language, and is well versed in any popular scripting languages, such as Python or JavaScript.
• Good communication skills, both written and verbal.

Good to have :

• Certifications : OSWE, eWPT ,eWPTX ,eMAPT .
• OpenSource Project Contributions,security/technical blog , published CVE’s & Bug bounties

What it is in for you:

• Leading fintech startup in South East Asia that rapidly expanding into neobanking
• Work on mission critical systems that continuously face security threats
• Work with employees in multiple countries across South East Asia

Benefits

• Time off - We would love you to take time off to rest and rejuvenate. We offer flexible paid vacations as well as many other observed holidays by country. We also like to have our people take a day off for special days like birthdays and work anniversaries.
• Flexible Working - We believe in giving back the control of work & life to our people. We trust our people and love to provide the space to accommodate each and everyone's working style and personal life.
• Medical Benefits - We offer health insurance coverage for our employees and dependents. Our people focus on our mission knowing we have their back for their loved ones too.
• Mental Health and Wellness - We understand that our team productivity is directly linked to our mental and physical health. Hence we have Wellness Wednesdays and we engage partners to provide well-being coaching. And we have our Great FSMK Workout sessions too to keep everyone healthy and fit!
• Tech Support - We provide a company laptop for our employees and the best possible support for the right equipment/tools to enable high productivity