Security Engineer - Blue Team
- Jakarta, Indonesia
Traveloka is a technology company based in Jakarta, Indonesia. It was founded in 2012 by ex-Silicon Valley engineers and aims to revolutionize human mobility with technology. Today Traveloka is expanding its reach by operating in six countries and experimenting with new endeavors that will create a large impact in the markets and industries we touch.
A Security Engineer at Traveloka will be required to ensure that our products and services are tested and audited thoroughly before and after they are put in production. An Application Security Engineer will be a smart self-starter. The person needs to find unique ways to test applications and should also be able to run standard web application tests. They need to be able to create PoCs to support their findings during security and vulnerability analysis. An Application Security Engineer should preferably have a software development background.
They will work very closely with our Red Team to develop a testing strategy that will be effective in minimizing the security risk profile of our applications. They should preferably be able to read and implement Threat Modeling outcomes to design appropriate test cases and testing methodology.
They will also need to have proficiency in handling multiple projects based on different frameworks and groups.
Actively develop internal assessment tools and methodologies to identify new security issues
Perform penetration testing of websites and web services
Implement static and dynamic automated security testing tools and their deployment within continuous integration systems
Attend design reviews and actively lead the discussions from a security standpoint
Engage in the security program through a very close collaboration with all development teams
Participate in the creation of all necessary documentation for execution of the Application Security program
Evaluate application development and implementation activities for possible vulnerabilities
Ensure that Application Security requirements are identified early on and are being baked into all projects
Drive Application Security awareness and remediation of identified vulnerabilities
Develop in-house tools to integrate with SDLC and to track and derive security metrics
Skills & Experience
Driven and organized self-starter who is comfortable working in a remote or local team
3-5 years of Application Security experience
Software development background
Experience with secure coding guidelines, static analysis and penetration testing
Experience in remediating complex enterprise level security issues
Experience with the use and integration of commercial tools like Burp, Checkmarx, Black Duck, etc.
Proficiency in implementing and using open source security tools such as sqlmap, QARK, sqlninja, BeEF, Metasploit, HTTP proxies and debugging tools
Excellent communication skills, both oral and written, with experience in presentations and reports
Security certification a plus - GPEN, GWAPT, GWEB, CISSP, OSCP, etc.
Membership and active participation in security organizations such as OWASP, ISSA and SANS