Product Security Engineer
TravelokaSingapore15 hours ago
Full-timeInformation Technology
Track This Job
Add this job to your tracking list to:
- Monitor application status and updates
- Change status (Applied, Interview, Offer, etc.)
- Add personal notes and comments
- Set reminders for follow-ups
- Track your entire application journey
Save This Job
Add this job to your saved collection to:
- Access easily from your saved jobs dashboard
- Review job details later without searching again
- Compare with other saved opportunities
- Keep a collection of interesting positions
- Receive notifications about saved jobs before they expire
AI-Powered Job Summary
Get a concise overview of key job requirements, responsibilities, and qualifications in seconds.
Pro Tip: Use this feature to quickly decide if a job matches your skills before reading the full description.
Job Description Job Scope
- Carry out manual and automated review of source code to identify security vulnerabilities and risks
- Implement automated security testing tools (SAST, DAST, IAST) and their deployment within continuous integration systems
- Implement hardening and secure framework such as RASP, WAF, safe library, and security decorator functions
- Perform vulnerability assessment & penetration testing on web API, front-end service, internal RPC, and mobile application
- Attend design reviews and actively lead the discussions from a security standpoint
- Analyze possible security incidents related to application security such as payment abuse or sensitive data exposure via web API
- Ensure that product security requirements are identified early on and are being baked into all projects
- Provide effective recommendations or patches to mitigate security vulnerabilities
- Develop in-house tools to integrate with SDLC and to track and derive security metrics
- Bachelor's Degree in Computer Science or equivalent
- Relevant professional experience or extensive experience in security activities (e.g. CTF, bug bounty, security research, publications, blog)
- Practical knowledge of modern software development such as microservices, application containerization, REST architecture, object-oriented programming, stateless/stateful authentication, and cloud platform
- Working knowledge of one or more of these programming languages: Java, JavaScript, Kotlin, C#, Objective-C, Swift
- Experience in security code review, vulnerability assessment, and penetration testing.
- Knowledge of common vulnerabilities such as OWASP Top 10 and CWE including business logic issues (e.g. IDOR)
- JavaScript framework (e.g. React)
- Java framework (e.g. Spring)
- Android / iOS platform
- DevOps
- AWS
- Automation tool development
- Dynamic debugging
- Unit testing
- Algorithm & data structure
Key Skills
Ranked by relevanceReady to apply?
Join Traveloka and take your career to the next level!
Application takes less than 5 minutes