Job Description
Job Scope
- Carry out manual and automated review of source code to identify security vulnerabilities and risks
- Implement automated security testing tools (SAST, DAST, IAST) and their deployment within continuous integration systems
- Implement hardening and secure frameworks such as RASP, WAF, safe libraries, and security decorator functions
- Perform vulnerability assessment & penetration testing on web API, front-end service, internal RPC, and mobile application
- Attend design reviews and actively lead the discussions from a security standpoint
- Analyze possible security incidents related to application security, such as payment abuse or sensitive data exposure via web API
- Ensure that product security requirements are identified early on and are being baked into all projects
- Provide effective recommendations or patches to mitigate security vulnerabilities
- Develop in-house tools to integrate with SDLC and to track and derive security metrics
Requirements
- Bachelor's degree in Computer Science or equivalent
- Relevant professional experience or extensive experience in security activities (e.g. CTF, bug bounty, security research, publications, blog)
- Practical knowledge of modern software development such as microservices, application containerization, REST architecture, object-oriented programming, stateless/stateful authentication, and cloud platforms
- Working knowledge of one or more of these programming languages: Java, JavaScript, Kotlin, C#, Objective-C, Swift
- Experience in security code review, vulnerability assessment, and penetration testing
- Knowledge of common vulnerabilities such as OWASP Top 10 and CWE, including business logic issues (e.g. IDOR)
- Core skill set in two or more of the following areas:
  - JavaScript framework (e.g. React)
  - Java framework (e.g. Spring)
  - Android / iOS platform
  - DevOps
  - AWS
  - Automation tool development
  - Dynamic debugging
  - Unit testing
  - Algorithm & data structure
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!
Join Traveloka and take your career to the next level!