Security Engineer - Product Security
Indonesia - Jakarta, Green Office Park 1
Traveloka
Explore the world & live life your way. Best prices for hotels, flights, & attractions. Plan your own perfect trip.It's fun to work in a company where people truly BELIEVE in what they're doing!
Job Description
Job DescriptionProduct Security Engineer at Traveloka will be required to ensure that our products and services are shipped with high security standards through application security testing, hardening, and secure framework. A Product Security Engineer will be smart and self starter. The person needs to find unique ways to understand complex software architecture and should be able to perform manual security code review. They need to be able to integrate security in the software development process with defense-in-depth strategies such as automated testing in CI/CD pipeline. A Product Security Engineer preferably needs to have a software development background and should have practical programming knowledge.
They will work very closely with our Software Engineering Team to implement Secure SDLC in Traveloka. They will also need to have proficiency in handling multiple projects based on different frameworks and groups.
Requirements
Responsibilities
With limited guidance, completes manual and automated review of source code to identify security vulnerabilities and risks
Defines and designs overall vulnerability assessment & penetration testing strategy on web API, front-end service, internal RPC, and mobile application
Conducts security planning, defines testing scope, timeline, focus and budget for automated security testing tools implementation, hardening and secure framework such as RASP, WAF, safe library, security decorator functions, and their deployment within continuous integration systems
Provides effective recommendations and influence implementation to mitigate and improve security vulnerabilities in all projects of own domain and others
Leads investigation of possible security incident related to application security such as payment abuse or sensitive data exposure via web API
Defines strategy and plan to develop in-house tools to integrate with SDLC and to track and derive security metrics
Qualifications
Skills & Experience
Practical knowledge of modern software development such as microservices, application containerization, REST architecture, object oriented programming, stateless/stateful authentication, and cloud platform
Strong working knowledge of one or more of these programming languages: Java, JavaScript, Kotlin, C#, Objective-C, Swift
Experience in security code review, vulnerability assessment, and penetration testing.
Experience in development and automation.
Ability to work on multiple complex projects across domains
Knowledge of common vulnerabilities such as OWASP Top 10 and CWE including business logic issue (e.g. IDOR)
Core skill set in two or more of the following areas:
JavaScript framework (e.g. React)
Java framework (e.g. Spring)
Android / iOS platform
DevOps
AWS
Automation tool development
Dynamic debugging
Unit testing
Algorithm & data structure
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Android APIs Application security Automation AWS C CI/CD Cloud DevOps iOS Java JavaScript Kotlin Microservices OWASP Pentesting Product security SDLC Strategy Vulnerabilities
Perks/benefits: Career development Startup environment
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.