Security Engineer II

Company Description

About Carousell Group

Carousell Group is the leading multi-category platform for secondhand in Greater Southeast Asia on a mission to make secondhand the first choice. Founded in August 2012 in Singapore, the Group has a leading presence in seven markets under the brands Carousell, Carousell Media Group, Cho Tot, Laku6, LuxLexicon, Mudah.my, OneShift, REFASH and Revo Financial, serving tens of millions of monthly active users. Carousell is backed by leading investors including Telenor Group, Rakuten Ventures, Naver, STIC Investments, 500 Global and Peak XV Partners (formerly known as Sequoia Capital India).

As a team of passionate individuals working together to solve meaningful problems, there is so much more for you to discover in a career with Carousell. Our culture is made up of hiring, developing, and promoting people who embody our values of HEART, which is an acronym for Humility, Empathy, Accountability, Relentlessly resourceful and Teamwork. Together as an organisation, we make magic happen.

About Chotot
Established in 2012, Chotot.com is the first recommerce platform in Vietnam pioneering classified 4.0 with more than 1 billion page views every month. On average, 9 out of 10 Vietnamese people are aware of Cho Tot when asking about selling and buying in any category. With the motto “Muốn Là Có” (“A Way to Your Wants”), we leverage technology to build a simple, efficient, and reliable platform that meets all the wants and needs in all stages of your life. There are more than 60 categories on Chotot.com, meaning whether you are looking for a house, a car, a job, a pet, or a piece of vegetable, you can find them on our site. Whether you are passing things you once loved or giving them to people in need, we are here to assist.
At Cho Tot, you will be part of our young and dynamic team in a fast-moving and fun-loving environment. You will receive opportunities to reach all the potentials you can think of in your career ladder. Cho Tot provides a competitive salary and full benefits. More importantly, we are a family within the company to support each other to learn, grow and immerse in new experiences every day. Every member of our family will be there with you on your path of passion to deliver the best online classified site to serve Vietnamese people. Being part of a bigger global organization, at Cho Tot you will also be given opportunities to collaborate with global distributed teams across the world to tackle and provide solutions for some of the most challenging problems in the emerging internet business space. Since 2019, Cho Tot is part of Carousell.

Job Description

Key requirements:

• 3+ years of demonstrated experience in CyberSecurity, preferred to be in Software/E-commerce companies
• Hands-on experience in implementing and operating modern SDLC stack tooling (SAST/SCA/DAST/IAST).
• Strong experience in application security, API security is essential
• Experience working with cloud platforms such as Google Cloud, AWS, or Azure.
• Good experience in troubleshooting security issues and knowledge of operating systems, databases and middleware security.
• Proficiency in at least one programming language such as Python, Golang, or similar.
• Experience in security and monitoring tools. Exposure to threat intelligence tools would be good to have.
• Having OSCP or an equivalent certification is advantageous

Role responsibilities:

• Conduct security reviews and threat modeling to guide projects early in their lifecycle, and participate in security code reviews to ensure robust protection from the outset.
• Perform comprehensive penetration testing of web applications, mobile applications, and APIs to identify security vulnerabilities.
• Promote the adoption of secure coding practices and provide comprehensive training to engineering teams.
• Integrate security throughout the Software Development Life Cycle (SDLC) by implementing and managing DevSecOps tools and processes. Automate security testing and remediation to enhance efficiency and maintain a robust security posture throughout the development pipeline.
• Conduct monthly infrastructure vulnerability scans to identify and address potential security weaknesses in our systems.
   

Additional Information

By proceeding with your application, you are adhering to our PDPA policies. In case you are interested to know more, read about our Candidates Personal Data Privacy Statement.