Security Engineer - Blue Team

  • Jakarta, Indonesia
  • Full-time

Company Description

Traveloka is a technology company based in Jakarta, Indonesia. Founded in 2012 by ex-Silicon Valley engineers, it aims to revolutionize human mobility with technology. Today Traveloka is expanding its reach by operating in six countries and experimenting with new endeavors that will create a large impact in the markets and industries we touch.

Job Description

A Security Engineer at Traveloka will be required to ensure that our products and services are tested and audited thoroughly before and after they are put in production. An Application Security Engineer will be smart and a self-starter. The person needs to find unique ways to test applications and should also be able to run standard web application tests. They need to be able to create PoCs to support their findings during security and vulnerability analysis. An Application Security Engineer should preferably have a software development background.

They will work very closely with our Red Team to develop a testing strategy that will be effective in minimizing the security risk profile of our applications. They should preferably be able to read and implement Threat Modeling outcomes to design appropriate test cases and testing methodology.

They will also need to have proficiency in handling multiple projects based on different frameworks and groups.

Responsibilities

  • Carry out manual and automated review of source code (JavaScript, Java, C, C++, Objective-C) for security vulnerabilities

  • Proficiency in at least two programming languages (C, Python, JavaScript, Java, C++)

  • Actively develop internal assessment tools and methodologies to identify new security issues

  • Perform penetration testing of websites and web services

  • Implement static and dynamic automated security testing tools and their deployment within continuous integration systems

  • Attend design reviews and actively lead the discussions from a security standpoint

  • Engage in the security program through a very close collaboration with all development teams

  • Participate in the creation of all necessary documentation for execution of the Application Security program

  • Evaluate application development and implementation activities for possible vulnerabilities

  • Ensure that Application Security requirements are identified early on and are being baked into all projects

  • Drive Application Security awareness and remediation of identified vulnerabilities

  • Develop in-house tools to integrate with SDLC and to track and derive security metrics

Qualifications

Skills & Experience

  • Driven and organized self-starter; should be comfortable working in a remote or local team

  • 3-5 years of Application Security experience

  • Software development background

  • Experience with secure coding guidelines, static analysis and penetration testing

  • Experience in remediating complex enterprise-level security issues

  • Experience with use and integration of commercial tools like Burp, Checkmarx, Black Duck, etc.

  • Proficiency in implementing and using open source security tools such as sqlmap, QARK, sqlninja, BeEF, Metasploit, HTTP proxies and debugging tools

  • Working knowledge of programming languages such as C, JavaScript, Java and web-based technologies

  • Excellent communication skills both oral and written, with experience of presentations and reports

  • Security certification a plus: GPEN, GWAPT, GWEB, CISSP, OSCP, etc.

  • Membership and active participation in security organizations such as OWASP, ISSA and SANS